OSVDB ID: 15726 Title: Sendmail -C Arbitrary Privilege File Disclosure |
Info |
|
|
Dates |
||||
|
|
Description |
Sendmail contains a flaw that may allow a local attacker to access privileged files. The issue occured when calling sendmail with the -C option (alternate configuration file). By specifying an arbitrary system file with restricted permissions, sendmail would complain that the file was not a valid configuration file and display the contents to standard outpout. This could be used to read the contents of /etc/shadow or other sensitive files. |
Classification |
Location:
Local Access Required
Attack Type: Input Manipulation Impact: Loss of Confidentiality Exploit: Exploit Public Disclosure: OSVDB Verified |
Solution |
Upgrade to version 4.46 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
Credit |
|