Vulnerabilities > CVE-1999-0163 - Unspecified vulnerability in Eric Allman Sendmail
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | SMTP problems |
| NASL id | SMTP_PROGRAM.NASL |
| description | The remote SMTP server did not complain when issued the command : MAIL FROM: root@this_host RCPT TO: |testing This probably means that it is possible to send mail directly to programs, which is a serious threat, since this allows anyone to execute arbitrary commands on this host. *** This security hole might be a false positive, since *** some MTAs will not complain to this test, but instead *** just drop the message silently. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10261 |
| published | 1999-08-22 |
| reporter | This script is Copyright (C) 1999-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10261 |
| title | Sendmail mail from/rcpt to Pipe Arbitrary Command Execution |