OSVDB ID: 15961

Title: Sendmail uucp Account .forward Arbitrary File Access

Info

Disclosure

Unknown

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Sendmail contains a flaw that may allow a local attacker to gain access to privileged files. The issue is due to the way Sendmail forwards mail via ~/.forward files. Accounts with a ~ in the login name, such as uucp, have world writeable home directories. If a local attacker creates a .forward file in the home directory, they can add arbitrary commands to the file. The next time mail is sent to the account, the contents of .forward will be executed with increased privileges.

Classification

Location: Local Access Required
Attack Type: Misconfiguration
Impact: Loss of Confidentiality
Exploit: Exploit Public

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Create a root owned, mode 600 .forward file in uucp's home directory

Products

Eric Allman

Sendmail

4.2

References

Credit

  • Russell J. Yount -


Direct URL: http://osvdb.org/15961