VULHUB ™

Sendmail's debug mode allows the recipient of an email message to be a program that runs with the privileges of the user id which sendmail is running under. This user is normally root. This allows an attacker to set the recipient to the shell and include shell commands in the message body. This vulnerability was used by the Morris Worm.

Sendmail's debug mode allows the recipient of an email message to be a program that runs with the privileges of the user id which sendmail is running under. This user is normally root. This allows an attacker to set the recipient to the shell and include shell commands in the message body. This vulnerability was used by the Morris Worm.