| GEN:SID | 1:664 |
| Message | SMTP RCPT TO decode attempt |
| Summary | This event is generated when maliciously formatted "rcpt to" text is supplied to Sendmail.
|
| Impact | Attempted administrator access. A successful attack can allow remote execution of commands with root privleges.
|
| Detailed Information | A vulnerability exists in older versions of Sendmail that incorrectly parses message headers. This can allow a malicious user to execute arbitrary commands as root.
|
| Affected Systems | Sendmail versions prior to 8.6.10 and any version based on 5.x.
|
| Attack Scenarios | An attacker can craft a malicious mail header that executes a command.
|
| Ease of Attack | Easy. Use a maliciously formatted header.
|
| Corrective Action | Upgrade to version 8.6.10 or higher of Sendmail.
|
| Additional References | Bugtraq: http://www.securityfocus.com/bid/2308
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203
|
| Rule References | arachnids: 121
bugtraq: 2308
cve: 1999-0203
|