VID 18025
Severity 40
Port 25
Protocol TCP
Class SMTP
Detailed Description The SMTP server seems to pipe mail sent to the "decode" alias to a program.
All mail sent to this user is passed to the uudecode program, which automatically converts and stores files. This configuration could allow an attacker to remotely overwrite files on the system, which could possibly be leveraged to gain remote access. The uudecode alias might also exist in some configurations.
This configuration has caused many security problems in the past, because it allows attackers to overwrite arbitrary files on the remote server.
Recommendation Remove the "decode" line in the mail aliases file. If the /etc/aliases or /usr/lib/aliases (mail alias) file contains entries for these programs, remove them, or disable them by placing # at the beginning of the line as in the following examples, and then run the newaliases command:

# decode: " |/usr/bin/uudecode"
# uudecode: "|/usr/bin/uuencode -d"
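
The check described in the recommendation can be scripted. The following is an added example, not part of the original advisory: the function name find_decode_aliases and the sample file contents are assumptions made for illustration. It reports active (uncommented) alias entries that pipe mail into uudecode or uuencode, including entries whose pipe target sits on a continuation line.

```shell
#!/bin/sh
# Added example: audit a sendmail-style aliases file for active entries that
# pipe mail into uudecode/uuencode (the condition this advisory describes).

# find_decode_aliases FILE
# Prints "LINENO:ALIAS" for every uncommented alias that either pipes to a
# uudecode/uuencode program, or is named decode/uudecode and pipes to any
# program. Continuation lines (leading whitespace) are joined to their entry.
find_decode_aliases() {
    awk '
    function check(entry, lineno,    name, rhs) {
        if (entry == "" || index(entry, ":") == 0) return
        name = tolower(substr(entry, 1, index(entry, ":") - 1))
        rhs  = substr(entry, index(entry, ":") + 1)
        gsub(/[ \t]/, "", name)
        if (rhs ~ /\|[^,]*uu(de|en)code/ ||
            ((name == "decode" || name == "uudecode") && rhs ~ /\|/)) {
            print lineno ":" name
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # comment or blank line
    /^[ \t]/   { entry = entry " " $0; next }   # continuation of an entry
    { check(entry, start); entry = $0; start = NR }
    END { check(entry, start) }
    ' "$1"
}

# Constructed sample aliases file (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
postmaster: root
decode: "|/usr/bin/uudecode"
# uudecode: "|/usr/bin/uuencode -d"
files:
    "|/usr/bin/uudecode"
EOF
find_decode_aliases "$sample"
rm -f "$sample"
```

On a real host, run the function against /etc/aliases and /usr/lib/aliases; any line it reports should be removed or commented out, followed by newaliases.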
Related URL CVE-1999-0096 (CVE)
Related URL (SecurityFocus)
Related URL 126 (ISS)