Sendmail Insecure Temporary File Privilege Escalation Vulnerability

Bugtraq ID:	7614
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	May 16 2003 12:00AM
Updated:	May 16 2003 12:00AM
Credit:	Discovery is credited to Paul Szabo.
Vulnerable:	Sendmail Consortium Sendmail 8.12.9 + Slackware Linux 9.0 + Slackware Linux 8.1 + Slackware Linux -current Sendmail Consortium Sendmail 8.12.3 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + FreeBSD FreeBSD 4.6 + S.u.S.E. Linux 8.0 i386 + S.u.S.E. Linux 8.0 Sendmail Consortium Sendmail 8.9.3 + Compaq Tru64 5.1 PK5 (BL19) + Compaq Tru64 5.0 a PK3 (BL17) + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + IBM AIX 4.3.3 + SGI IRIX 6.5.19 + SGI IRIX 6.5.18 m + SGI IRIX 6.5.18 f + SGI IRIX 6.5.17 m + SGI IRIX 6.5.17 f + SGI IRIX 6.5.16 m + SGI IRIX 6.5.16 f + SGI IRIX 6.5.15 m + SGI IRIX 6.5.15 f + SGI IRIX 6.5.14 m + SGI IRIX 6.5.14 f + SGI IRIX 6.5.13 m + SGI IRIX 6.5.13 f + SGI IRIX 6.5.12 m + SGI IRIX 6.5.12 f + SGI IRIX 6.5.11 m + SGI IRIX 6.5.11 f + SGI IRIX 6.5.10 m + SGI IRIX 6.5.10 f + SGI IRIX 6.5.9 m + SGI IRIX 6.5.9 f + SGI IRIX 6.5.8 m + SGI IRIX 6.5.8 f + SGI IRIX 6.5.7 m + SGI IRIX 6.5.7 f

Not Vulnerable: