Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sendmail不充分特权降低漏洞
Vulnerability Description
Sendmail 8.12.1之前版本在-C选项用于载入自定义配置文件时不能正确地降低特权,本地用户可以借助名称中含高位设置(例如:(1)宏名称为一字符长,(2)被setoption函数处理的变量设置,或(3)被getmodifiers函数处理的Modifiers设置)字符的配置文件中畸形参数提升特权。
CVSS Information
N/A
Vulnerability Type
N/A