| VID |
18037 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The Sendmail server has the WIZ command enabled.
Sendmail is the standard Mail Transfer Agent for Unix systems. Older versions of Sendmail allow to execute the 'WIZ' command, which is originally intended to allow administrators to access a remote shell on the host. If the command is enabled, the host will response with the string "Please pass, oh mighty wizard". Then a remote attacker types "SHELL" and it will drop him into a root shell. A remote attacker can gain root access on the host using this problem.
* References:
http://www.cert.org/advisories/CA-1993-14.html
http://online.securityfocus.com/bid/2897
* Platforms Affected:
Sendmail Consortium Sendmail 4.1
Sendmail Consortium Sendmail 4.55
Sendmail Consortium Sendmail 5.59 |
| Recommendation |
The following sendmail site must be referred to be upgraded as non-vulnerable Sendmail version (8.12.5 or better):
ftp://ftp.sendmail.org/pub/sendmail/
-- Also --
Execution of this command must be prohibited by adding the following line to the /etc/sendmail.cf which is a configuration file.
OW*
At this time, one must restart after exiting the sendmail process in order to apply the change of configuration file. |
| Related URL |
CVE-1999-0145 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
