Description
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
References (5)
Core 5
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/3278
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.cert.org/advisories/CA-95.11.sun.sendmail-oR.vul
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7829
Vendor Advisory third-party-advisory
x_refsource_auscert
http://www.auscert.org.au/render.html?it=1853&cid=1978
Exploit x_refsource_misc
http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-21.html
Scores
EPSS
0.0071
EPSS Percentile
72.4%
Details
Status
published
Products (10)
sendmail/sendmail
5.59
sendmail/sendmail
5.61
sendmail/sendmail
5.65
sun/sunos
4.1.1
sun/sunos
4.1.2
sun/sunos
4.1.3
sun/sunos
4.1.3c
sun/sunos
4.1.3u1
sun/sunos
4.1.4
sun/sunos
4.1.4jl
Published
Aug 23, 1995
Tracked Since
Feb 18, 2026