CVE-2001-0653

Sendmail <8.11.6 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2001-0653. PoCs published by RoMaN SoFt, Lucian Hudin, [email protected].

AI-analyzed exploit summary: The vulnerability in Sendmail's debugging functionality allows a signed integer overflow via the '-d' switch, enabling arbitrary memory writes and potential full system compromise, because the argument is processed while Sendmail still holds elevated privileges, before it drops them.

Description

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

Exploits (4)

exploitdb WRITEUP VERIFIED
by RoMaN SoFt · text · local · linux
https://www.exploit-db.com/exploits/21063

The vulnerability in Sendmail's debugging functionality allows a signed integer overflow via the '-d' switch, enabling arbitrary memory writes and potential full system compromise, because the argument is processed while Sendmail still holds elevated privileges, before it drops them.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Sendmail (versions affected by CVE-2001-0653)
No auth needed
Prerequisites: Access to command-line arguments of Sendmail
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Lucian Hudin · text · local · linux
https://www.exploit-db.com/exploits/21062

The vulnerability in Sendmail's debugging functionality involves a signed integer overflow in the tTflag() function, allowing arbitrary memory writes via a large numeric value in the '-d' switch. This can lead to privilege escalation before Sendmail drops elevated privileges.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Sendmail (versions prior to fix)
No auth needed
Prerequisites: Access to command-line arguments of Sendmail
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by [email protected] · c · local · linux
https://www.exploit-db.com/exploits/21061

This exploit targets a signed integer overflow in Sendmail's debugging functionality (CVE-2001-0653) to achieve arbitrary memory writes and execute shellcode. It uses the '-d' command-line switch to manipulate the trace vector and gain root privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Sendmail 8.11.x
No auth needed
Prerequisites: Sendmail 8.11.x with SUID bit set · Access to the target system
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by grange · c · local · linux
https://www.exploit-db.com/exploits/21060

This exploit leverages a signed integer overflow in Sendmail's tTflag() function via the '-d' command-line switch to overwrite memory and achieve arbitrary code execution. It constructs a malicious debug argument to overwrite the GOT entry of setuid, redirecting execution to shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Sendmail 8.11.x
No auth needed
Prerequisites: Knowledge of VECT and GOT addresses for the target Sendmail binary · Ability to execute Sendmail with command-line arguments
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Various Sources x_refsource_confirm
http://www.sendmail.org/8.11.html
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2001_028_sendmail_txt.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7016
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3163
Vendor Advisory vendor-advisory x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2001-106.html
Various Sources vendor-advisory x_refsource_immunix
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/l-133.shtml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99841063100516&w=2
Various Sources vendor-advisory x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-007
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412

Scores

EPSS 0.0118
EPSS Percentile 63.5%

Details

Status published
Products (7)
sendmail/sendmail 8.11.0
sendmail/sendmail 8.11.1
sendmail/sendmail 8.11.2
sendmail/sendmail 8.11.3
sendmail/sendmail 8.11.4
sendmail/sendmail 8.11.5
sendmail/sendmail 8.12 beta10 (5 CPE variants)
Published Sep 20, 2001
Tracked Since Feb 18, 2026