Vulnerability Name:
CVE-1999-0095 (CCN-125)
Assigned:
1988-10-01
Published:
1988-10-01
Updated:
2019-06-11
Summary:
The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
10.0 High
(CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-1999-0095
Source: FULLDISC
Type: UNKNOWN
20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)
Source: CCN
Type: CERT Advisory CA-1988-01
ftpd vulnerability
Source: CCN
Type: CERT Advisory CA-1993-14
Internet Security Scanner (ISS)
Source: MLIST
Type: UNKNOWN
[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Source: MLIST
Type: UNKNOWN
[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Source: OSVDB
Type: UNKNOWN
195
Source: CCN
Type: OSVDB ID: 195
Sendmail DEBUG Arbitrary Remote Command Execution
Source: BID
Type: UNKNOWN
1
Source: CCN
Type: BID-1
Berkeley Sendmail DEBUG Vulnerability
Source: CCN
Type: BID-10
NeXTstep npd Vulnerability
Source: CCN
Type: BID-1000
Microsoft Windows Media Services Handshake Sequence DoS Vulnerability
Source: CCN
Type: BID-10002
cPanel Multiple Module Cross-Site Scripting Vulnerabilities
Source: CCN
Type: BID-10003
TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability
Source: CCN
Type: BID-10004
TCPDump ISAKMP Identification Payload Integer Underflow Vulnerability
Source: CCN
Type: BID-10005
Interchange Remote Information Disclosure Vulnerability
Source: CCN
Type: BID-10007
Clam Anti-Virus ClamAV Arbitrary Command Execution Vulnerability
Source: CCN
Type: BID-10008
MPlayer Remote HTTP Header Buffer Overflow Vulnerability
Source: CCN
Type: BID-10009
Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability
Source: CCN
Type: BID-1001
InterAccess TelnetD Server 4.0 Terminal Configuration Vulnerability
Source: CCN
Type: BID-10010
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
Source: CCN
Type: BID-10013
PHPKit Multiple HTML Injection Vulnerabilities
Source: CCN
Type: BID-10017
JamesOff QuoteEngine Multiple Parameter Unspecified SQL Injection Vulnerability
Source: CCN
Type: BID-10018
MadBMS Unspecified Login Vulnerability
Source: CCN
Type: BID-10019
Cactusoft CactuShop SQL Injection Vulnerability
Source: CCN
Type: BID-1002
Sambar Server Batch CGI Vulnerability
Source: CCN
Type: BID-10020
CactuSoft CactuShop Cross-Site Scripting Vulnerability
Source: CCN
Type: BID-10022
Roger Wilco Server UDP Datagram Handling Denial Of Service Vulnerability
Source: CCN
Type: BID-10024
Roger Wilco Information Disclosure Vulnerability
Source: CCN
Type: BID-10025
Roger Wilco Server Unauthorized Audio Stream Denial Of Service Vulnerability
Source: CCN
Type: BID-10026
ADA IMGSVR Remote Directory Listing Vulnerability
Source: CCN
Type: BID-10027
ADA IMGSVR Remote File Download Vulnerability
Source: CCN
Type: BID-10028
OpenBSD ISAKMPD Zero Payload Length Denial Of Service Vulnerability
Source: CCN
Type: BID-1003
FTPx FTP Explorer Weak Password Encryption Vulnerability
Source: CCN
Type: BID-10033
HAHTsite Scenario Server Project File Name Buffer Overrun Vulnerability
Source: CCN
Type: BID-10036
Macromedia Dreamweaver Remote User Database Access Vulnerability
Source: CCN
Type: BID-10037
SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities
Source: CCN
Type: Sendmail Consortium Web site
Sendmail Homepage
Source: XF
Type: UNKNOWN
smtp-debug(125)
Vulnerable Configuration:
Configuration 1:
cpe:/a:eric_allman:sendmail:5.58:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:sendmail:sendmail:*:*:*:*:*:*:*:*
AND
cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
OR
cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
OR
cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
OR
cpe:/o:digital:ultrix:*:*:*:*:*:*:*:*
OR
cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
OR
cpe:/o:next:nextstep:*:*:*:*:*:*:*:*
OR
cpe:/o:sco:unix:*:*:*:*:*:*:*:*
OR
cpe:/o:cray:unicos:*:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
OR
cpe:/o:hp:apollo_domain_os:sr10.3:*:*:*:*:*:*:*
eric_allman
sendmail 5.58
sendmail
sendmail *
ibm
aix *
windriver
bsdos *
hp
hp-ux *
sgi
irix *
linux
linux kernel *
sun
solaris *
digital
ultrix *
data_general
dg ux *
next
nextstep *
sco
unix *
cray
unicos *
compaq
tru64 *
hp
apollo domain os sr10.3