Vulnerabilities > CVE-2001-0715 - Unspecified vulnerability in Sendmail
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
Vulnerable Configurations
Nessus
| NASL family | SMTP problems |
| NASL id | SENDMAIL_DEBUG_LEAK.NASL |
| description | According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue even if he is not allowed to access those information directly, by running sendmail -q -d0-nnnn.xxx where nnnn & xxx are debugging levels. If users are not allowed to process the queue (which is the default) then you are not vulnerable. This vulnerability is _local_ only. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11088 |
| published | 2002-08-18 |
| reporter | This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/11088 |
| title | Sendmail RestrictQueueRun Option Debug Mode Information Disclosure |