Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows malicious users to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sendmail sendmail 8.12.0 |
||
sendmail sendmail 8.12.1 |
||
sendmail sendmail 8.12.2 |
||
sendmail sendmail 8.12.3 |
||
sendmail sendmail 8.12.4 |
||
sendmail sendmail 8.12.5 |
||
sendmail sendmail 8.12.6 |
||
netbsd netbsd 1.5 |
||
netbsd netbsd 1.5.1 |
||
netbsd netbsd 1.5.2 |
||
netbsd netbsd 1.5.3 |
||
netbsd netbsd 1.6 |