The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
2003-05-15T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.2 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | sendmail | sendmail | 8.9.3 | Yes |
Application | sendmail | sendmail | 8.12.3 | Yes |
Application | sendmail | sendmail | 8.12.9 | Yes |
Operating System | debian | debian_linux | 3.0 | Yes |