Vulnerabilities > CVE-1999-1309 - Unspecified vulnerability in Sendmail

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sendmail

nessus

NVD

Published: 1996-08-30

Updated: 2017-10-10

Summary

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

Vulnerable Configurations

Part	Description	Count
Application	Sendmail Sendmail Sendmail - Sendmail Sendmail 2.6 Sendmail Sendmail 2.6.1 Sendmail Sendmail 2.6.2 Sendmail Sendmail 3.0 Sendmail Sendmail 3.0.1 Sendmail Sendmail 3.0.2 Sendmail Sendmail 3.0.3 Sendmail Sendmail 4.1 Sendmail Sendmail 8.6.7	10

Nessus

NASL family	SMTP problems
NASL id	SENDMAIL_LONG_DEBUG.NASL
description	The remote Sendmail server, according to its version number, allows local users to gain root access via a large value in the debug (-d) command line option.
last seen	2020-06-01
modified	2020-06-02
plugin id	11348
published	2003-03-11
reporter	This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/11348
title	Sendmail < 8.6.8 -debug Local Privilege Escalation
code	# # (C) Tenable Network Security, Inc. # Original script by Xue Yong Zhi <[email protected]> # # Changes by Tenable: # - Revised plugin title, output formatting (9/16/09) # - Updated to use compat.inc, added CVSS score (11/20/2009) # - rewritten by Tenable (7/23/2018) include("compat.inc"); if (description) { script_id(11348); script_version("1.10"); script_cvs_date("Date: 2018/08/22 16:49:14"); script_cve_id("CVE-1999-1309"); script_name(english:"Sendmail < 8.6.8 -debug Local Privilege Escalation"); script_summary(english:"Checks the version number"); script_set_attribute(attribute:"synopsis", value: "The remote host has an application that is affected by local privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The remote Sendmail server, according to its version number, allows local users to gain root access via a large value in the debug (-d) command line option."); script_set_attribute(attribute:"solution", value: "Install Sendmail newer than versions 8.6.8 or install a vendor supplied patch."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-1999-1309"); script_set_attribute(attribute:"vuln_publication_date", value:"1994/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/11"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SMTP problems"); script_dependencies("sendmail_detect.nbin"); script_require_keys("installed_sw/Sendmail"); exit(0); } include("vcf.inc"); app_info = vcf::get_app_info(app:"Sendmail"); constraints = [{ "fixed_version" : "8.6.8" }]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Summary

Vulnerable Configurations

Nessus

References