Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2009-1490
Last Modified 13 May 2009 01:28:01
Published 05 May 2009 03:30:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1490

Summary

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

Vulnerable Systems

Application

  • Sendmail 2.6

  • Sendmail 2.6.1

  • Sendmail 2.6.2

  • Sendmail 3.0

  • Sendmail 3.0.1

  • Sendmail 3.0.2

  • Sendmail 3.0.3

  • Sendmail 4.1

  • Sendmail 4.55

  • Sendmail 5

  • Sendmail 5.59

  • Sendmail 5.61

  • Sendmail 5.65

  • Sendmail 8.10

  • Sendmail 8.10.0

  • Sendmail 8.10.1

  • Sendmail 8.10.2

  • Sendmail 8.11.0

  • Sendmail 8.11.1

  • Sendmail 8.11.2

  • Sendmail 8.11.3

  • Sendmail 8.11.4

  • Sendmail 8.11.5

  • Sendmail 8.11.6

  • Sendmail 8.11.7

  • Sendmail 8.12

  • Sendmail 8.12.0

  • Sendmail 8.12.1

  • Sendmail 8.12.10

  • Sendmail 8.12.11

  • Sendmail 8.12.2

  • Sendmail 8.12.3

  • Sendmail 8.12.4

  • Sendmail 8.12.5

  • Sendmail 8.12.6

  • Sendmail 8.12.7

  • Sendmail 8.12.8

  • Sendmail 8.12.9

  • Sendmail 8.13.0

  • Sendmail 8.13.1.2

  • Sendmail 8.6.7

  • Sendmail 8.7.10

  • Sendmail 8.7.6

  • Sendmail 8.7.7

  • Sendmail 8.7.8

  • Sendmail 8.7.9

  • Sendmail 8.8.8

  • Sendmail 8.9.0

  • Sendmail 8.9.1

  • Sendmail 8.9.2

  • Sendmail 8.9.3


References

CONFIRM - http://www.sendmail.org/releases/8.13.2

XF - sendmail-xheader-bo(50355)

MISC - http://www.nmrc.org/~thegnome/blog/apr09/


Last Updated: 27 May 2016 10:50:34