ID de Prueba:	1.3.6.1.4.1.25623.1.0.11088
Categoría:	SMTP problems
Título:	Sendmail DEBUG Mode Leak Vulnerability
Resumen:	According to the version number of the remote mail server,; a local user may be able to obtain the complete mail configuration and other interesting; information about the mail queue.
Descripción:	Summary: According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue. Vulnerability Insight: Even if the attacker is not allowed to access those information directly it is possible to circumvent this restriction by running: sendmail -q -d0-nnnn.xxx where nnnn & xxx are debugging levels. If users are not allowed to process the queue (which is the default) then you are not vulnerable. Note: This vulnerability is _local_ only. Solution: Update to the latest version of Sendmail or do not allow users to process the queue (RestrictQRun option). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0715 BindView Security Advisory: 20011001 Multiple Local Sendmail Vulnerabilities http://razor.bindview.com/publish/advisories/adv_sm812.html SGI Security Advisory: 20011101-01-I ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I
Copyright	Copyright (C) 2002 Michel Arboi

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.