Vulnerability Name:

CVE-2001-0715 (CCN-7191)

Assigned:2001-10-01
Published:2001-10-01
Updated:2011-03-08
Summary:Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: SGI Security Advisory 20011101-01-I
Multiple Local Sendmail Vulnerabilities

Source: SGI
Type: UNKNOWN
20011101-01-I

Source: MITRE
Type: CNA
CVE-2001-0715

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0201-179
Sec. Vulnerability with sendmail(1m)

Source: BINDVIEW
Type: Exploit, Patch, Vendor Advisory
20011001 Multiple Local Sendmail Vulnerabilities

Source: CCN
Type: RAZOR Advisory October 1, 2001
Multiple Local Sendmail Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin M-020
SGI Multiple Local SendMail Vulnerability

Source: CCN
Type: OSVDB ID: 9303
Sendmail RestrictQueueRun Option Debug Mode Local Information Disclosure

Source: CCN
Type: BID-3898
HP Sendmail Diagnostic Code Information Leakage Vulnerability

Source: CCN
Type: Sendmail Web site
Sendmail 8.12.1

Source: XF
Type: UNKNOWN
sendmail-debug-gain-information(7191)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sendmail:sendmail:*:*:*:*:*:*:*:* (Version <= 8.12.1)

  • Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    sendmail sendmail *
    hp hp-ux 10.20
    sendmail sendmail 8.12.0
    hp hp-ux 11.00
    hp hp-ux 11.11