Signature Detail
Short Name |
SMTP:RESPONSE:PIPE-FAILED |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
Response '|' Attempt Failed |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Response '|' Attempt Failed
This signature detects attempts to exploit a known vulnerability against the pipe (|) passthrough in SendMail. This vulnerability is detected when SMTP server responses are generated indicating that an unsuccessful attempt was made to send shell commands through an SMTP e-mail message. The attacker receives a "550" error message, however if the attack is successful, malicious code could execute causing Sendmail to reroute data to another program.
Extended Description
A vulnerability in Eric Allman's Sendmail prior to version 8.6.10 (and any versions based on 5.x) can be exploited to gain root access on the affected machine. This vulnerability involves sending invalid "mail from" and "rcpt to" addresses that cause sendmail to inappropriately redirect data to another program.
Affected Products
- Eric Allman Sendmail 5.58.0
- Eric Allman Sendmail 5.59.0
References
- BugTraq: 2308
- CVE: CVE-1999-0203