SMTP: Response '|' Attempt Failed
This signature detects attempts to exploit a known vulnerability against the pipe (|) passthrough in SendMail. This vulnerability is detected when SMTP server responses are generated indicating that an unsuccessful attempt was made to send shell commands through an SMTP e-mail message. The attacker receives a "550" error message, however if the attack is successful, malicious code could execute causing Sendmail to reroute data to another program.
Extended Description
A vulnerability in Eric Allman's Sendmail prior to version 8.6.10 (and any versions based on 5.x) can be exploited to gain root access on the affected machine. This vulnerability involves sending invalid "mail from" and "rcpt to" addresses that cause sendmail to inappropriately redirect data to another program.
Affected Products
Eric_allman sendmail
Short Name
SMTP:RESPONSE:PIPE-FAILED
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
'|' Attempt CVE-1999-0203 Failed Response bid:2308
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Eric_allman
CVSS Score
10.0