CVE-2002-1165

Sendmail 8.11-8.12.6 - Command Injection via SMRSH Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1165. PoCs published by zen-parse.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in smrsh, a restricted shell for Sendmail, by bypassing its command validation using double pipes (||) or path manipulation (./, ../). It allows execution of arbitrary commands outside the restricted environment.

Description

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.

Exploits (1)

exploitdb WORKING POC VERIFIED

by zen-parse · textlocalunix

https://www.exploit-db.com/exploits/21884

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in smrsh, a restricted shell for Sendmail, by bypassing its command validation using double pipes (||) or path manipulation (./, ../). It allows execution of arbitrary commands outside the restricted environment.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Sendmail smrsh (versions prior to fix for CVE-2002-1165)

No auth needed

Prerequisites: Access to a system with vulnerable smrsh · Ability to execute smrsh with arbitrary commands

MITRE ATT&CK