VDB
CVE-2002-1165
CVE-2002-1165
PUBLISHED
CVSS 4.599999904632568 MEDIUM
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
EPSS 1.14% · 78.7th percentile
Risk Scores
CVSS 2.0
4.599999904632568
EPSS Score
1.14%
78.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sendmail | sendmail | 8.12.6, 8.12.2, 8.12.0 |
| n/a | n/a | n/a |
| netbsd | netbsd | 1.5.2, 1.5.3, 1.5.1 |
Timeline
- Oct 3, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- RHSA-2003:073 vendor-advisory
- CLA-2002:532 vendor-advisory
- NetBSD-SA2002-023 vendor-advisory
- 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities mailing-list
- sendmail-forward-bypass-smrsh(10232) vdb
- MDKSA-2002:083 vendor-advisory
- http://www.sendmail.org/smrsh.adv.txt url
- 5845 vdb
- 7826 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-1165 advisory