Description
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
x_refsource_hp
http://archives.neohapsis.com/archives/hp/2003-q1/0033.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11366
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6878
Scores
EPSS
0.0080
EPSS Percentile
74.3%
Details
CWE
CWE-16
Status
published
Products (1)
hp/bastille
b.02.00.05
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026