CVE-2002-1165
Last modified
CVE-2002-1165 is a vulnerability of currently unknown severity. Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.. EPSS estimates a 1.10% chance of exploitation in the next 30 days.
Description
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sendmail | Sendmail | 8.12.0 |
| Sendmail | Sendmail | 8.12.1 |
| Sendmail | Sendmail | 8.12.2 |
| Sendmail | Sendmail | 8.12.3 |
| Sendmail | Sendmail | 8.12.4 |
| Sendmail | Sendmail | 8.12.5 |
| Sendmail | Sendmail | 8.12.6 |
| Netbsd | Netbsd | 1.5 |
| Netbsd | Netbsd | 1.5.1 |
| Netbsd | Netbsd | 1.5.2 |
| Netbsd | Netbsd | 1.5.3 |
| Netbsd | Netbsd | 1.6 |
References
- http://www.iss.net/security_center/static/10232.phpVendor Advisory
- http://www.securityfocus.com/bid/5845Exploit, Patch, Vendor Advisory
- http://www.sendmail.org/smrsh.adv.txtExploit, Patch, Vendor Advisory
- http://www.iss.net/security_center/static/10232.phpVendor Advisory
- http://www.securityfocus.com/bid/5845Exploit, Patch, Vendor Advisory
- http://www.sendmail.org/smrsh.adv.txtExploit, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-1165?
How severe is CVE-2002-1165?
How do I fix CVE-2002-1165?
Are you affected by CVE-2002-1165?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST