CVE-1999-1580

CVSS 2.0 Score 7.2 of 10 (high)

Details

Published Aug 23, 1995

Updated: Nov 20, 2024

Summary

CVE-1999-1580 is a vulnerability affecting SunOS sendmail versions 5.59 to 5.65. It allows local users to exploit the program by manipulating the Internal Field Separator (IFS) variable and passing crafted values to the -oR option via the forwarding host argument. This vulnerability can result in unintended command execution, effectively granting root privileges to the attacker. The use of the popen function in sendmail's processing of forwarding host arguments is the root cause of this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SunOS

Affected Vendors

Oracle Corp

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/NWlZvz
https://www.cve.org/CVERecord?id=CVE-1999-1580
https://nvd.nist.gov/vuln/detail/CVE-1999-1580

Back to Vulnerability Database