Sendmail V.5 -oR特权提升漏洞

漏洞信息详情

Sendmail V.5 -oR特权提升漏洞

• CNNVD编号：CNNVD-199508-003
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1580
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  1995-08-23
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sendmail
• 漏洞来源：
  Discovery is credi…

SunOS sendmail 5.59到5.65版本使用popen处理转发主机参数。本地用户通过修改IFS
（内部字段分隔符
）变量和传递畸形值给-oR选项提升根特权。

This issue has been addressed in Sendmail versions 8.6.12 and later. Users should upgrade to recent versions of Sendmail to address this and other known vulnerabilities. Upgrades are especially advised if V.5 is still being used.
The status of fixes for SunOS 4.1.x is currently not known. Those that are running affected versions of SunOS should contact the vendor to determine the availability of fixes.

来源:CERT/CC Advisory: CA-95.11.sun.sendmail-oR.vul
名称: CA-1995-11
链接:http://www.cert.org/advisories/CA-95.11.sun.sendmail-oR.vul

来源:US-CERT Vulnerability Note: VU#3278
名称: VU#3278
链接:http://www.kb.cert.org/vuls/id/3278

来源: BID
名称: 7829
链接:http://www.securityfocus.com/bid/7829

来源: AUSCERT
名称: AA-95.09
链接:http://www.auscert.org.au/render.html?it=1853&cid=1978

来源: www.alw.nih.gov
链接:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-21.html