Sendmail debug mode leak
Summary
According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue.
Insight
Even if the attacker is not allowed to access this information directly, it is possible to circumvent the restriction by running: sendmail -q -d0-nnnn.xxx where nnnn and xxx are debugging levels. If users are not allowed to process the queue (which is the default), then you are not vulnerable. Note: This vulnerability is _local_ only.
Solution
Upgrade to the latest version of Sendmail, or do not allow users to process the queue (the RestrictQRun option).
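One way to verify the queue-run restriction on a host, as an added example that is not part of the original advisory or the scanner's own check: it parses sendmail.cf text and reports whether the restrictqrun flag is present in PrivacyOptions. The function names, the constructed sample configs, the default path /etc/mail/sendmail.cf, and the treatment of repeated PrivacyOptions lines as cumulative are assumptions.

```python
import re
import sys

# Constructed sample sendmail.cf fragments (not taken from any real host).
SAMPLE_WEAK = """\
# privacy flags
O PrivacyOptions=authwarnings,novrfy,noexpn
O QueueDirectory=/var/spool/mqueue
"""
SAMPLE_HARDENED = """\
O PrivacyOptions=authwarnings,novrfy,noexpn
O PrivacyOptions=restrictmailq, restrictqrun
"""

# Long form "O PrivacyOptions=..." (name matched case-insensitively) or the
# older single-letter form "Op...". Commented-out lines start with '#' and
# therefore never match.
_PRIVACY_RE = re.compile(r"^O\s+(?i:PrivacyOptions)\s*=\s*(.*)$|^Op(.*)$")


def privacy_flags(cf_text):
    """Return the set of PrivacyOptions flags found in sendmail.cf text.

    Assumption: flags from several PrivacyOptions lines accumulate.
    """
    flags = set()
    for line in cf_text.splitlines():
        m = _PRIVACY_RE.match(line)
        if not m:
            continue
        value = m.group(1) if m.group(1) is not None else m.group(2)
        # Flags may be separated by commas and/or whitespace.
        flags.update(f.lower() for f in re.split(r"[,\s]+", value) if f)
    return flags


def queue_run_restricted(cf_text):
    """True when ordinary users are barred from processing the queue."""
    return "restrictqrun" in privacy_flags(cf_text)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/mail/sendmail.cf"
    with open(path, encoding="utf-8", errors="replace") as fh:
        ok = queue_run_restricted(fh.read())
    print(f"{path}: restrictqrun {'set' if ok else 'NOT set'}")
    sys.exit(0 if ok else 1)
```

The non-zero exit status when the flag is missing lets the script be used directly in a configuration audit job.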