CVE-1999-1580 — Sendmail vulnerability

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.7%

top 27.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sendmail SUN Sunos

Timeline

PublishedAug 23

Latest updateApr 16

Description

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/sunos7 versions+6

▶NVDsendmail/sendmail5.59, 5.61, 5.65+2

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

VulDB

Sendmail 5.59/5.61/5.65 -oR privileges management (VU#3278 / XFDB-20885)↗2026-04-16

▶

GHSA

GHSA-qqmr-fh23-w8vj: SunOS sendmail 5↗2022-04-30

▶

CVEList

CVE-1999-1580: SunOS sendmail 5↗2005-04-21

▶

📋Vendor Advisories

Debian

CVE-1999-1580: sendmail - SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argumen...↗1999

▶