CREST Practitioner Security Analyst (CPSA) Practice

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What vulnerability does Sendmail 8.12.9's prescan function introduce?

  1. Information disclosure

  2. Denial of Service

  3. Remote code execution

  4. SQL injection

The correct answer is: Remote code execution

The prescan function in Sendmail 8.12.9 introduces a serious vulnerability related to remote code execution. This function is responsible for handling incoming mail messages, and it processes certain headers without properly validating or sanitizing the input. As a result, an attacker could craft a specially formatted email that exploits this oversight, potentially allowing them to execute arbitrary code on the affected system.

Remote code execution vulnerabilities are critical because they can lead to full system compromise, allowing attackers to gain unauthorized access, manipulate data, install malware, or further infiltrate networks. In the case of Sendmail, which is a widely used mail transfer agent, the implications of such a vulnerability can extend beyond the individual system to affect the overall security of the email infrastructure.

In contrast, the other options do not accurately describe the nature of the vulnerability introduced by the prescan function. Information disclosure would generally involve sensitive data being exposed without authorization, whereas denial of service refers to making a system unavailable to its intended users. SQL injection is related specifically to databases and is not applicable here, as it relies on improperly sanitized database queries rather than email processing functions. Thus, the choice of remote code execution as the correct answer highlights the critical nature of the vulnerability associated with Sendmail 8.