SMTP in debug mode

smtp-debug (125) The risk level is classified as High Risk

Description:

Sendmail was found in debug mode, which could allow an attacker to gain unauthorized access to the computer. An attacker could use debug mode to initiate a root-level shell on the target host.

Platforms Affected:

  • Compaq, Tru64
  • Cray, UNICOS
  • Data General, DG/UX
  • Digital, Ultrix
  • HP, Apollo Domain OS SR10.3
  • HP, ConvexOS
  • HP, HP-UX
  • IBM, AIX
  • Linux, Kernel
  • NeXT, NeXTSTEP
  • SCO, SCO Unix
  • Sendmail, Sendmail
  • SGI, IRIX
  • Sun, Solaris
  • WindRiver, BSDOS

Remedy:

Upgrade to the latest version of sendmail (5.59 or later), which does not implement the DEBUG feature, as listed in CERT Advisory CA-1988-01. See References.

Consequences:

Gain Privileges

References:

  • CERT Advisory CA-1988-01, ftpd vulnerability at http://www.cert.org/advisories/CA-1988-01.html.
  • CERT Advisory CA-1993-14, Internet Security Scanner (ISS) at http://www.cert.org/advisories/CA-1993-14.html.
  • Sendmail Consortium Web site, Sendmail Homepage at http://www.sendmail.org.
  • BID-1: Berkeley Sendmail DEBUG Vulnerability
  • CVE-1999-0095: The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
  • OSVDB ID: 195: Sendmail debug Arbitrary Command Execution

Reported:

Dec 01, 1988

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net