CVE-1999-1309

Current Description

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

Basic Data

Published: August 30, 1996
Last Modified: October 10, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 Application Sendmail Sendmail * * * * * * * * 8.6.7

Vulnerable Software List

Vendor | Product | Versions
Sendmail | Sendmail | *

References

Name | Source | URL | Tags
CA-1994-12 | CERT | http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities | Patch, Third Party Advisory, US Government Resource
19940314 sendmail -d problem (OLD yet still here) | BUGTRAQ | http://www.dataguard.no/bugtraq/1994_1/0040.html | Vendor Advisory
19940315 anyone know details? | BUGTRAQ | http://www.dataguard.no/bugtraq/1994_1/0042.html | Vendor Advisory
19940315 so... | BUGTRAQ | http://www.dataguard.no/bugtraq/1994_1/0043.html |
19940315 Security problem in sendmail versions 8.x.x | BUGTRAQ | http://www.dataguard.no/bugtraq/1994_1/0048.html | Vendor Advisory
19940327 sendmail exploit script - resend | BUGTRAQ | http://www.dataguard.no/bugtraq/1994_1/0078.html |
sendmail-debug-gain-root(7155) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/7155 |