Rapid7 Vulnerability & Exploit Database

RHSA-2001:106: New sendmail packages available which fix a local root exploit

Back to Search

RHSA-2001:106: New sendmail packages available which fix a local root exploit

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
09/20/2001
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

An input validation error in the debugging functionality of all currently released versions of sendmail can enable a local user to gain root access. New packages that fix this problem are available for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.

Sendmail, the low-level system for sending and receiving email for Red Hat Linux, has an input validation flaw in part of its debugging code. This flaw could be exploited by an attacker who already has local access to a system and wants to gain root privileges. Red Hat is issuing new sendmail packages that correct this flaw for all our currently supported Red Hat Linux platforms. All users are strongly advised to apply these fixes.

Solution(s)

  • redhat-upgrade-sendmail
  • redhat-upgrade-sendmail-cf
  • redhat-upgrade-sendmail-doc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;