Signature Detail
Short Name |
SMTP:EMAIL:RCPT-TO-PIPE |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
SMTP |
Keywords |
RCPT TO PIPE |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: RCPT TO PIPE
This signature detects attempts to send shell commands through an SMTP e-mail message by exploiting the pipe passthrough vulnerability. Attackers can use the invalid "rcpt to |" as the "rcpt to" e-mail address to cause Sendmail to reroute data to another program. Some STMP servers have been shown to use the "|" character legitimately.
Extended Description
A vulnerability in Eric Allman's Sendmail prior to version 8.6.10 (and any versions based on 5.x) can be exploited to gain root access on the affected machine. This vulnerability involves sending invalid "mail from" and "rcpt to" addresses that cause sendmail to inappropriately redirect data to another program.
Affected Products
- Eric Allman Sendmail 5.58.0
- Eric Allman Sendmail 5.59.0
References
- BugTraq: 2308
- CVE: CVE-1999-0203