• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Berkeley Sendmail MIME Vulnerability

From version 8.8.3 a vulnerability was introduced in the MIME support for sendmail. This description was taken from the CERT advisory CA-97.05:

With the release of sendmail version 8.8.3, a serious security vulnerability was introduced that allows remote users to execute arbitrary commands on the local system with root privileges. By sending a carefully crafted email message to a system running a vulnerable version of sendmail, intruders may be able to force sendmail to execute arbitrary commands with root privileges. Those commands are run on the same system where the vulnerable sendmail is running.