CVE-2001-1349

Current Description

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Basic Data

PublishedMay 28, 2001
Last ModifiedSeptember 05, 2008
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score3.7
SeverityLOW
Exploitability Score1.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegetrue
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSendmailSendmail8.10*******
    2.3ApplicationSendmailSendmail8.10.1*******
    2.3ApplicationSendmailSendmail8.10.2*******
    2.3ApplicationSendmailSendmail8.11.0*******
    2.3ApplicationSendmailSendmail8.11.1*******
    2.3ApplicationSendmailSendmail8.11.2*******
    2.3ApplicationSendmailSendmail8.11.3*******
    2.3ApplicationSendmailSendmail8.12beta7******

Vulnerable Software List

VendorProductVersions
Sendmail Sendmail 8.10, 8.10.1, 8.10.2, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.12

References

NameSourceURLTags
http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.htmlhttp://archives.neohapsis.com/archives/sendmail/2001-q2/0001.htmlCONFIRM
20010528 Unsafe Signal Handling in Sendmailhttp://razor.bindview.com/publish/advisories/adv_sm8120.htmlBINDVIEWExploit Patch Vendor Advisory
RHSA-2001:106http://rhn.redhat.com/errata/RHSA-2001-106.htmlREDHAT
sendmail-signal-handling(6633)http://www.iss.net/security_center/static/6633.phpXF
20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)http://www.securityfocus.com/archive/1/187127BUGTRAQVendor Advisory
2794http://www.securityfocus.com/bid/2794BIDPatch Vendor Advisory