Vulnerability details: VCID-trpc-4xtd-aaas
Vulnerability ID VCID-trpc-4xtd-aaas
Aliases CVE-2002-1165
Summary Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
Status Published
Exploitability 2.0
Weighted Severity 4.1
Risk 8.2
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2002-1165
epss 0.01967 https://api.first.org/data/v1/epss?cve=CVE-2002-1165
epss 0.02514 https://api.first.org/data/v1/epss?cve=CVE-2002-1165
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1616854
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2002-1165
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532
http://marc.info/?l=bugtraq&m=103350914307274&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1165.json
https://api.first.org/data/v1/epss?cve=CVE-2002-1165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1165
http://secunia.com/advisories/7826
http://www.iss.net/security_center/static/10232.php
http://www.mandriva.com/security/advisories?name=MDKSA-2002:083
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://www.securityfocus.com/bid/5845
http://www.sendmail.org/smrsh.adv.txt
1616854 https://bugzilla.redhat.com/show_bug.cgi?id=1616854
cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
CVE-2002-1165 https://nvd.nist.gov/vuln/detail/CVE-2002-1165
CVE-2002-1165;OSVDB-9305 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/local/21884.txt
CVE-2002-1165;OSVDB-9305 Exploit https://www.securityfocus.com/bid/5845/info
RHSA-2002:259 https://access.redhat.com/errata/RHSA-2002:259
RHSA-2003:073 https://access.redhat.com/errata/RHSA-2003:073
RHSA-2003:227 https://access.redhat.com/errata/RHSA-2003:227
Data source Exploit-DB
Date added Oct. 1, 2002
Description Sendmail 8.12.x - SMRSH Double Pipe Access Validation
Ransomware campaign use Known
Source publication date Oct. 1, 2002
Exploit type local
Platform unix
Source update date Oct. 10, 2012
Source URL https://www.securityfocus.com/bid/5845/info
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2002-1165
Exploit Prediction Scoring System (EPSS)
Percentile 0.49736
EPSS Score 0.00135
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.