{"id":"DEBIAN-CVE-2002-1165","details":"Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) \"||\" sequences or (2) \"/\" characters, which are not properly filtered or verified.","modified":"2026-04-28T20:03:04.104460Z","published":"2002-10-11T04:00:00Z","upstream":["CVE-2002-1165"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2002-1165"}],"affected":[{"package":{"name":"sendmail","ecosystem":"Debian:11","purl":"pkg:deb/debian/sendmail?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.12.3-5"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2002-1165.json"}},{"package":{"name":"sendmail","ecosystem":"Debian:12","purl":"pkg:deb/debian/sendmail?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.12.3-5"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2002-1165.json"}},{"package":{"name":"sendmail","ecosystem":"Debian:13","purl":"pkg:deb/debian/sendmail?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.12.3-5"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2002-1165.json"}},{"package":{"name":"sendmail","ecosystem":"Debian:14","purl":"pkg:deb/debian/sendmail?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.12.3-5"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2002-1165.json"}}],"schema_version":"1.7.5"}