CVE-1999-1580

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

Published: Aug 23, 1995
Updated: Apr 13, 2023
CVE: CVE-1999-1580
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sendmail / sendmail	5.59	5.59.x
sendmail / sendmail	5.61	5.61.x
sendmail / sendmail	5.65	5.65.x
sun / sunos	4.1.4	4.1.4.x
sun / sunos	4.1.4jl	4.1.4jl.x
sun / sunos	4.1.1	4.1.1.x
sun / sunos	4.1.3u1	4.1.3u1.x
sun / sunos	4.1.3	4.1.3.x
sun / sunos	4.1.2	4.1.2.x
sun / sunos	4.1.3c	4.1.3c.x

http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-21.html
http://www.auscert.org.au/render.html?it=1853&cid=1978
http://www.cert.org/advisories/CA-95.11.sun.sendmail-oR.vul
http://www.kb.cert.org/vuls/id/3278
http://www.securityfocus.com/bid/7829

Vulnerability Database

289,599

CVE-1999-1580