Rapid7 Vulnerability & Exploit Database

Sendmail Bounce To Program Vulnerability

Back to Search

Sendmail Bounce To Program Vulnerability

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
08/17/1995
Created
07/25/2018
Added
11/01/2004
Modified
12/04/2013

Description

In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "MAIL FROM" address and an invalid "RCPT TO" address that would cause the mail to bounce to a program.

Solution(s)

  • sendmail-upgrade-8_6_12

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;