CVE-1999-0203
published 1995-08-17CVE-1999-0203: In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the…
PriorityP432critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
2.08%
79.2th percentile
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eric_allman | sendmail | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Eric Allman Sendmail 8.6.10 Mail From improper authentication (Nessus ID 10258 / ID 74059)
vuldb·2026-04-16·CVSS 10.0
CVE-1999-0203 [CRITICAL] Eric Allman Sendmail 8.6.10 Mail From improper authentication (Nessus ID 10258 / ID 74059)
A vulnerability classified as critical has been found in Eric Allman Sendmail 8.6.10. Affected is an unknown function of the component Mail From Handler. This manipulation causes improper authentication.
This vulnerability is registered as CVE-1999-0203. Remote exploitation of the attack is possible. No exploit is available. This vulnerability has a historic impact because of its background and how it was received.
It is recommended to upgrade the affected component.
GHSA
GHSA-8vhw-fcrr-hw7r: In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cau
ghsa_unreviewed·2022-04-30
CVE-1999-0203 [HIGH] GHSA-8vhw-fcrr-hw7r: In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cau
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
1995-08-17
Published