CVE-2001-0713
Last modified
CVE-2001-0713 is a vulnerability of currently unknown severity. Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sendmail | Sendmail | <= 8.12.1 |
References
- http://razor.bindview.com/publish/advisories/adv_sm812.htmlVendor Advisory
- http://razor.bindview.com/publish/advisories/adv_sm812.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2001-0713?
How severe is CVE-2001-0713?
How do I fix CVE-2001-0713?
Are you affected by CVE-2001-0713?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST