Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:662 |
| Message | SMTP sendmail 5.5.5 exploit |
| Summary | This event is generated when maliciously formatted "mail from" text is supplied. |
| Impact | Attempted administrator access. A successful attack can allow remote execution of commands with root privileges. |
| Detailed Information | A vulnerability exists in older versions of Sendmail that incorrectly parses message headers. This vulnerability can allow anattacker to execute arbitrary commands as root. |
| Affected Systems | Sendmail versions prior to 8.6.10 and any version based on 5.x. |
| Attack Scenarios | An attacker can craft a malicious mail header that executes a command. |
| Ease of Attack | Easy. Use a maliciously formatted header. |
| Corrective Action | Upgrade to version 8.6.10 or higher of Sendmail. |
| Additional References | Bugtraq: http://www.securityfocus.com/bid/2308 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203 Arachnids: http://www.whitehats.com/info/IDS119 |
| Rule References | arachnids: 119 cve: 1999-0203 nessus: 10258 |
--
DID:795361
--
http://www.aanval.com/