Signature Detail
Short Name |
SMTP:EMAIL:REPLY-TO-PIPE |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
SMTP |
Keywords |
REPLY TO PIPE |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: REPLY TO PIPE
This signature detects attempts to send shell commands through an SMTP e-mail message by exploiting the pipe passthrough vulnerability. Attackers can use the invalid "reply to |" as the "reply to" e-mail address to cause Sendmail to reroute data to another program. This can also be legitimate traffic from several types of SMTP servers.
Extended Description
A vulnerability in Eric Allman's Sendmail prior to version 8.6.10 (and any versions based on 5.x) can be exploited to gain root access on the affected machine. This vulnerability involves sending invalid "mail from" and "rcpt to" addresses that cause sendmail to inappropriately redirect data to another program.
Affected Products
- Eric Allman Sendmail 5.58.0
- Eric Allman Sendmail 5.59.0
References
- BugTraq: 2308
- CVE: CVE-1999-0203