CVE-2002-1165
published 2002-10-11CVE-2002-1165: Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass…
medium4.6CVSS 3.1
AVLACLAuNCPIPAP
EXPLOIT
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sendmail | < sendmail 8.12.3-5 (bookworm) | sendmail 8.12.3-5 (bookworm) |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | >= 0 < 8.12.3-5 | 8.12.3-5 |
| sendmail | sendmail | >= 0 < 8.12.3-5 | 8.12.3-5 |
| sendmail | sendmail | >= 0 < 8.12.3-5 | 8.12.3-5 |
| sendmail | sendmail | >= 0 < 8.12.3-5 | 8.12.3-5 |
CVSS provenance
nvd4.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM