Vulnerability CVE-2001-0713

Vulnerability Name:

CVE-2001-0713 (CCN-7192)

Assigned:

2001-10-01

Published:

2001-10-01

Updated:

2008-09-05

Summary:

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2001-0713

Source: BINDVIEW
Type: Vendor Advisory
20011001 Multiple Local Sendmail Vulnerabilities

Source: CCN
Type: RAZOR Advisory October 1, 2001
Multiple Local Sendmail Vulnerabilities

Source: XF
Type: UNKNOWN
sendmail-setregid-gain-privileges(7192)

Source: CCN
Type: OSVDB ID: 9301
Sendmail -C Malformed Configuration Local Privilege Escalation

Source: BID
Type: UNKNOWN
3377

Source: CCN
Type: BID-3377
Sendmail Inadequate Privilege Lowering Vulnerability

Source: CCN
Type: Sendmail Web site
Sendmail 8.12.1

Source: XF
Type: UNKNOWN
sendmail-setregid-gain-privileges(7192)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sendmail:sendmail:*:*:*:*:*:*:*:* (Version <= 8.12.1)

Configuration CCN 1:

cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK