CVE
- Id
- 550
- CVE No.
- CVE-1999-0565
- Status
- Candidate
- Description
- A Sendmail alias allows input to be piped to a program.
- Phase
- Proposed (19990728)
- Votes
- ACCEPT(1) Northcutt | NOOP(1) Baker | RECAST(1) Shostack | REVIEWING(1) Christey
- Comments
- Shostack> Is this a default alias? Is my .procmailrc an instance of this? | Christey> It is not entirely clear whether the simple fact that an alias | pipes into a program should be considered a vulnerability. It | all depends on the behavior of that particular program. This | is one of a number of configuration-related issues from the | "draft" CVE that came from vulnerability scanners. In | general, when we get to general configuration and "policy," | it becomes more difficult to use the current CVE model to | represent them. So at the very least, this candidate (and | similar ones) should be given close consideration and | discussion before being added to the official CVE list. | | Because this candidate is related to general configuration | issues, and we have not completely determined how to handle | such issues in CVE, this candidate cannot be promoted to an | official CVE entry until such issues are resolved.
