CVE-2002-1165

Description

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.

How to fix CVE-2002-1165

To remediate CVE-2002-1165, upgrade the affected package to a fixed version below.

• Debian/sendmail—upgrade to 8.12.3-5 or later

Is CVE-2002-1165 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 8.12.3-5

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2002-1165