CVE-1999-1580
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/08/1995
Last modified:
03/04/2025
Description
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:sunos:4.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:sunos:4.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:sunos:4.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:sunos:4.1.3c:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:sunos:4.1.3u1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:sunos:4.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:sunos:4.1.4jl:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-21.html
- http://www.auscert.org.au/render.html?it=1853&cid=1978
- http://www.cert.org/advisories/CA-95.11.sun.sendmail-oR.vul
- http://www.kb.cert.org/vuls/id/3278
- http://www.securityfocus.com/bid/7829
- http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-21.html
- http://www.auscert.org.au/render.html?it=1853&cid=1978
- http://www.cert.org/advisories/CA-95.11.sun.sendmail-oR.vul
- http://www.kb.cert.org/vuls/id/3278
- http://www.securityfocus.com/bid/7829