Vulnerability Description
General users were not restricted from executing Sendmail with the q option, and the Postfix binary lacked proper permission controls. This misconfiguration allowed unauthorized users to manipulate the mail queue or disrupt mail delivery.
id: sendmail-postfix-execution-restrictions
info:
  name: Sendmail/Postfix Execution Restrictions Misconfigured
  author: songyaeji
  severity: medium
  description: |
    General users were not restricted from executing Sendmail with the q option, and the Postfix binary lacked proper permission controls. This misconfiguration allowed unauthorized users to manipulate the mail queue or disrupt mail delivery.
  reference:
    - https://isms.kisa.or.kr
  tags: local,linux,audit,sendmail,postfix,compliance
self-contained: true
code:
  - engine:
      - bash
    source: |
      # Check 1: restrictqrun must appear on an active (uncommented) line of sendmail.cf.
      if ! grep -v '^[[:space:]]*#' /etc/mail/sendmail.cf 2>/dev/null | grep -qi 'restrictqrun'; then
        echo "[VULNERABLE] sendmail.cf missing 'restrictqrun'"
      else
        echo "[SAFE] restrictqrun option is set in sendmail.cf"
      fi
  - engine:
      - bash
    source: |
      # Check 2: the postfix binary, if present, must have mode -rwxr-x--- (0750).
      if [ -x /usr/sbin/postfix ]; then
        PERM="$(stat -c '%A' /usr/sbin/postfix 2>/dev/null || echo '')"
        if [ "$PERM" != "-rwxr-x---" ]; then
          echo "[VULNERABLE] /usr/sbin/postfix permission is '$PERM' (expected -rwxr-x---)"
        else
          echo "[SAFE] postfix binary permission is correct"
        fi
      fi
  - engine:
      - bash
    source: |
      # Check 3: if a postfix group exists, root must be listed as a member.
      if getent group postfix >/dev/null 2>&1; then
        MEMBERS="$(getent group postfix | awk -F ':' '{print $4}')"
        echo "$MEMBERS" | grep -qw root || echo "[VULNERABLE] 'root' not in 'postfix' group"
      fi
    matchers:
      - type: word
        name: restrictqrun
        part: code_1_response
        words:
          - "[VULNERABLE]"
      - type: word
        name: postfix-permission
        part: code_2_response
        words:
          - "[VULNERABLE]"
      - type: word
        name: postfix-group
        part: code_3_response
        words:
          - "[VULNERABLE]"
# digest: 4a0a004730450220532eeadc9b326aedf00c342a793b477a85a927a91a2fb1ae9caf341d4f41aa32022100cad5d3ff5d3bc482a80979d50961d98d11788235a82926fcff701b4028fff58c:922c64590222798bb761d5b6d8e72950
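The first two checks can be written as functions that take their input as arguments, which makes them testable off-host. This is an added example, not part of the template: it skips commented-out `sendmail.cf` lines and accepts any mode no broader than 0750, where the template's exact string comparison also reports a stricter mode such as 0700. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the template). Function names and the sample
# sendmail.cf contents are constructed for illustration.

# 0: an active line sets restrictqrun; 1: it does not; 2: file absent.
has_restrictqrun() {
  [ -f "$1" ] || return 2
  # Drop comment lines first so "#O PrivacyOptions=...restrictqrun" is ignored.
  grep -v '^[[:space:]]*#' "$1" | grep -qi 'restrictqrun'
}

# 0: octal mode grants nothing beyond 0750 (no access for others, no group
# write, no setuid/setgid/sticky); 1: it grants more; 2: not an octal mode.
mode_within_750() {
  case "$1" in ''|*[!0-7]*) return 2 ;; esac
  [ $(( 0$1 & ~0750 )) -eq 0 ]
}

# Print a verdict in the template's [SAFE]/[VULNERABLE] style.
verdict() {
  if "$@"; then echo "[SAFE] $*"; else echo "[VULNERABLE] $*"; fi
}

# Constructed sample files: one active setting, one commented out.
tmp="$(mktemp -d)"
printf 'O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun\n' > "$tmp/active.cf"
printf '#O PrivacyOptions=authwarnings,restrictqrun\nO PrivacyOptions=authwarnings\n' > "$tmp/commented.cf"

verdict has_restrictqrun "$tmp/active.cf"
verdict has_restrictqrun "$tmp/commented.cf"
for m in 750 700 755 4750; do verdict mode_within_750 "$m"; done
rm -rf "$tmp"
```

On a live host, pass `/etc/mail/sendmail.cf` to `has_restrictqrun` and the output of `stat -c '%a' /usr/sbin/postfix` to `mode_within_750`.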