SMTP: Debug Command

This signature detects attempts to exploit a known vulnerability in sendmail's debug mode. The debug mode allows the recipient of an e-mail message to be a program, which then runs with all the privileges of the user ID that sendmail runs as (usually root). Attackers can set the shell as the e-mail recipient and include malicious shell commands in the message body.

Extended Description

Sendmail's debug mode allows the recipient of an email message to be a program that runs with the privileges of the user ID under which sendmail is running. This user is normally root. An attacker can therefore set the recipient to the shell and include shell commands in the message body. This vulnerability was used by the Morris Worm.

Affected Products

Eric_allman sendmail

Short Name
SMTP:COMMAND:DEBUG
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
CA-1988-01 CVE-1999-0095 Command Debug bid:1
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Eric_allman

CVSS Score

10.0
