Sendmail Inadequate Privilege Lowering Vulnerability

Sendmail Inadequate Privilege Lowering Vulnerability

Sendmail is a widely used MTA often shipped with Unix systems.

In version 8.12.0, the 'sendmail' utility is setgid instead of setuid. The code that drops privileges does not lower the saved groupid. It is therefore possible to reclaim the effective groupid if an attacker can force the process to call setregid(). This may be possible due to several bugs in the config file parser.