CVE-2002-1165 : Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, an

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.

Published 2002-10-11 04:00:00

Updated 2016-10-18 02:24:17

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2002-1165

Sendmail » Sendmail » Version: 8.12.4
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.12.1
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.12.3
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.12.0
cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.12.2
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.12.5
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.12.6
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.5
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.5.1
cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.5.2
cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.5.3
cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.6
cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2002-1165

Top countries where our scanners detected CVE-2002-1165

Top open port discovered on systems with this issue 110

IPs affected by CVE-2002-1165 4

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2002-1165!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2002-1165

EPSS FAQ

2.51%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2002-1165

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2002-1165

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc
http://www.iss.net/security_center/static/10232.php

Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2002:083

Mandriva
http://www.sendmail.org/smrsh.adv.txt

Sendmail Sentrion Open Source - Open Source Email Server | Proofpoint US
Exploit;Patch;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-073.html

Support

CVEs referencing this url
http://www.securityfocus.com/bid/5845

Exploit;Patch;Vendor Advisory
http://marc.info/?l=bugtraq&m=103350914307274&w=2

'iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities' - MARC

Jump to

Vulnerability Details : CVE-2002-1165

Products affected by CVE-2002-1165

Threat overview for CVE-2002-1165

Exploit prediction scoring system (EPSS) score for CVE-2002-1165

CVSS scores for CVE-2002-1165

References for CVE-2002-1165