Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1490

CWE-119 — Buffer Overflow9 documents8 sources

Severity

5.0MEDIUM

EPSS

7.8%

top 8.03%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sendmail Sendmail

Timeline

PublishedMay 5

Latest updateMay 2

Description

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiansendmail< 8.13.2-0+3

▶NVDsendmail/sendmail8.13.1.2+50

Patches

Patch: www.sendmail.org ↗Patch: www.sendmail.org ↗

🔴Vulnerability Details

GHSA

GHSA-qhrf-mg36-grcm: Heap-based buffer overflow in Sendmail before 8↗2022-05-02

▶

CVEList

CVE-2009-1490: Heap-based buffer overflow in Sendmail before 8↗2009-05-05

▶

OSV

CVE-2009-1490: Heap-based buffer overflow in Sendmail before 8↗2009-05-05

▶

💥Exploits & PoCs

Exploit-DB

Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC)↗2009-05-27

▶

📋Vendor Advisories

Red Hat

sendmail: long first header can overflow into message body↗2009-04-30

▶

Debian

CVE-2009-1490: sendmail - Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to ...↗2009

▶

💬Community

Bugzilla

CVE-2009-1490 sendmail: long first header can overflow into message body↗2009-07-21

▶

Bugzilla

CVE-2009-1490 sendmail: long first header can overflow into message body↗2009-05-05

▶