Vulnerabilities > CVE-2001-0653 - Unspecified vulnerability in Sendmail

CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
sendmail
nessus
exploit available

Summary

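Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number. Because the value is handled as a signed integer, a check that only enforces the upper bound does not reject it, and the resulting negative index refers to memory outside the debug-flag table. The remediation listed by the version-based Nessus plugin on this page is an upgrade to Sendmail 8.11.6 or 8.12beta19.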

Exploit-Db

  • descriptionSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (3). CVE-2001-0653. Local exploit for linux platform
    idEDB-ID:21062
    last seen2016-02-02
    modified2001-08-17
    published2001-08-17
    reporterLucian Hudin
    sourcehttps://www.exploit-db.com/download/21062/
    titleSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability 3
  • descriptionSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (4). CVE-2001-0653. Local exploit for linux platform
    idEDB-ID:21063
    last seen2016-02-02
    modified2001-08-17
    published2001-08-17
    reporterRoMaN SoFt
    sourcehttps://www.exploit-db.com/download/21063/
    titleSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability 4
  • descriptionSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (2). CVE-2001-0653. Local exploit for linux platform
    idEDB-ID:21061
    last seen2016-02-02
    modified2001-08-17
    published2001-08-17
    reporter[email protected]
    sourcehttps://www.exploit-db.com/download/21061/
    titleSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability 2
  • descriptionSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (1). CVE-2001-0653. Local exploit for linux platform
    idEDB-ID:21060
    last seen2016-02-02
    modified2001-08-17
    published2001-08-17
    reportergrange
    sourcehttps://www.exploit-db.com/download/21060/
    titleSendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability 1

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2001-075.NASL
    descriptionAn input validation error exists in sendmail that may allow local users to write arbitrary data to process memory. This could possibly allow the execution of code or commands with elevated privileges and may also allow a local attacker to gain access to the root account.
    last seen2020-06-01
    modified2020-06-02
    plugin id13890
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13890
    titleMandrake Linux Security Advisory : sendmail (MDKSA-2001:075)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2001:075. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, the script only declares
    # its metadata (identifiers, references, report text, CVSS vectors and
    # prerequisites) and exits before any of the check logic below runs.
    if (description)
    {
      script_id(13890);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      # Cross-references: the CVE, the Bugtraq entry and the vendor advisory
      # this package check was derived from.
      script_cve_id("CVE-2001-0653");
      script_bugtraq_id(3163);
      script_xref(name:"MDKSA", value:"2001:075");
    
      script_name(english:"Mandrake Linux Security Advisory : sendmail (MDKSA-2001:075)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An input validation error exists in sendmail that may allow local
    users to write arbitrary data to process memory. This could possibly
    allow the execute of code or commands with elevated privileges and may
    also allow a local attacker to gain access to the root account."
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected sendmail, sendmail-cf and / or sendmail-doc
    packages."
      );
      # CVSS v2 base vector: local access (AV:L), low complexity (AC:L), no
      # authentication (Au:N), partial confidentiality / integrity /
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: functional exploit (E:F), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local" plugin type: the result is derived from data collected on the
      # host (see the Host/* keys required below), not from a network banner.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Packages and OS releases covered by the advisory.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-cf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2001/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      # Information-gathering category: the plugin reads collected data only.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Prerequisites: local checks enabled plus the CPU, release and RPM-list
      # KB entries. Presumably ssh_get_info.nasl (the declared dependency)
      # populates them - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
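    # Preconditions: local checks must be enabled, the target must be
    # identified as a Mandrake release, and its RPM list must have been
    # collected. audit() is expected to report the reason and stop the script
    # when a precondition is not met.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Product name spelled "Mandrake" (was "Mandake") so this audit message
    # matches the one used by the architecture check below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86-family hosts are handled; any other architecture is audited out.
    # NOTE(review): the pattern admits amd64 / x86_64, but every rpm_check()
    # below passes cpu:"i386". Confirm how rpm_check() treats a 64-bit host:
    # if nothing matches, flag stays 0 and the host is reported as not
    # affected without a package having been compared.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Count the packages for which rpm_check() reports a finding. Each call
    # names the release, the architecture and the fixed package build from
    # MDKSA-2001:075; presumably it returns true when the installed build is
    # older than the reference - confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-8.11.0-3.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-cf-8.11.0-3.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-doc-8.11.0-3.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-8.11.6-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-cf-8.11.6-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-doc-8.11.6-1.1mdk", yank:"mdk")) flag++;
    
    
    # A finding means an outdated package is installed; it says nothing about
    # whether the flaw was ever exercised on the host.
    if (flag)
    {
      # With verbose reporting the package comparison output is attached.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");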
    
  • NASL familySMTP problems
    NASL idSENDMAIL_LOCAL_OVERFLOW.NASL
    descriptionThe remote Sendmail server, according to its version number, may be vulnerable to a local buffer overflow allowing local users to gain root privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id10729
    published2001-08-23
    reporterThis script is Copyright (C) 2001-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/10729
    titleSendmail < 8.11.6 -d category Value Local Overflow
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # References
    # [also vulnerable to a heap overflow]
    # Date:  Mon, 28 May 2001 18:16:57 -0400 (EDT)
    # From: "Michal Zalewski" <[email protected]>
    # To: [email protected]
    # Subject: Unsafe Signal Handling in Sendmail
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, the script only declares
    # its metadata (identifiers, report text, CVSS vectors and prerequisites)
    # and exits before the version check below runs.
    if (description)
    {
      script_id(10729);
      script_version("1.24");
      script_cvs_date("Date: 2018/09/17 21:46:53");
    
      script_cve_id("CVE-2001-0653");
      script_bugtraq_id(3163);
    
      script_name(english:"Sendmail < 8.11.6 -d category Value Local Overflow");
      script_summary(english:"Check Sendmail version number");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote service is vulnerable to a privilege escalation attack.");
      script_set_attribute(attribute:"description", value:
    "The remote Sendmail server, according to its version number, may be
    vulnerable to a local buffer overflow allowing local users to gain
    root privileges.");
      script_set_attribute(attribute:"solution", value:"Upgrade to Sendmail 8.12beta19 or 8.11.6.");
      # CVSS v2 and v3 base vectors both describe a local attack (AV:L) of low
      # complexity that needs no prior privileges; the temporal vectors record
      # a proof-of-concept exploit, an official fix and a confirmed report.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2001-0653");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2001/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2001/08/23");
    
      # "remote" plugin type although the flaw is local (AV:L): the result
      # comes from the version recorded for the detected Sendmail service.
      # NOTE(review): a version-only check cannot see vendor backports, so a
      # patched distribution build may still be reported - presumably why the
      # description says "may be vulnerable". Confirm with package data.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
      script_end_attributes();
    
      # Information-gathering category: the plugin reads collected data only.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2001-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SMTP problems");
    
      # Runs only after Sendmail detection has registered an install.
      script_dependencies("sendmail_detect.nbin");
      script_require_keys("installed_sw/Sendmail");
      # End of the registration pass.
      exit(0);
    }
    
    include("vcf.inc");
    
    # Look up what was recorded for the detected Sendmail install.
    sendmail_info = vcf::get_app_info(app:"Sendmail");
    
    # Single constraint with an upper bound only: any version below 8.11.6 is
    # reported.
    # NOTE(review): no lower bound is set, while the CVE-2001-0653 description
    # lists 8.10.0 through 8.11.5 and 8.12.0 beta as affected. Releases older
    # than 8.10.0 are therefore flagged too, and 8.12 betas presumably compare
    # above 8.11.6 and are not flagged - confirm both are intended.
    fix_constraints = [{ "fixed_version" : "8.11.6" }];
    
    # Compare the detected version with the constraint and emit a
    # warning-level finding when it falls below the fixed version.
    vcf::check_version_and_report(
      app_info:sendmail_info,
      constraints:fix_constraints,
      severity:SECURITY_WARNING
    );
    

Redhat

advisories
rhsa
idRHSA-2001:106