Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-1999-0131

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Published

1996-09-11T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application eric_allman sendmail 8.6 Yes
Application eric_allman sendmail 8.7.1 Yes
Application eric_allman sendmail 8.7.2 Yes
Application eric_allman sendmail 8.7.3 Yes
Application eric_allman sendmail 8.7.4 Yes
Application eric_allman sendmail 8.7.5 Yes
Operating System bsdi bsd_os 2.1 Yes
Operating System digital osf_1 1.3.2 Yes
Operating System freebsd freebsd 2.1.5 Yes
Operating System hp hp-ux 10.01 Yes
Operating System hp hp-ux 10.10 Yes
Operating System hp hp-ux 10.20 Yes
Operating System ibm aix 3.2 Yes
Operating System ibm aix 4.1 Yes
Operating System ibm aix 4.2 Yes
Operating System redhat linux 3.0.3 Yes
Operating System sco internet_faststart 1.0 Yes
Operating System sco openserver 5.0 Yes
Operating System sco openserver 5.0.2 Yes
References