cvelistv5 - CVE-2009-1490

CVE-2009-1490

Vulnerability from cvelistv5

Published

2009-05-05 19:00

Modified

2024-08-07 05:13

Severity ?

Summary

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

References

URL	Tags
cve@mitre.org	http://www.nmrc.org/~thegnome/blog/apr09/
cve@mitre.org	http://www.sendmail.org/releases/8.13.2	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/50355
af854a3a-2127-422b-91ae-364da2661108	http://www.nmrc.org/~thegnome/blog/apr09/
af854a3a-2127-422b-91ae-364da2661108	http://www.sendmail.org/releases/8.13.2	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/50355

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sendmail.org/releases/8.13.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nmrc.org/~thegnome/blog/apr09/"
          },
          {
            "name": "sendmail-xheader-bo(50355)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sendmail.org/releases/8.13.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nmrc.org/~thegnome/blog/apr09/"
        },
        {
          "name": "sendmail-xheader-bo(50355)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sendmail.org/releases/8.13.2",
              "refsource": "CONFIRM",
              "url": "http://www.sendmail.org/releases/8.13.2"
            },
            {
              "name": "http://www.nmrc.org/~thegnome/blog/apr09/",
              "refsource": "MISC",
              "url": "http://www.nmrc.org/~thegnome/blog/apr09/"
            },
            {
              "name": "sendmail-xheader-bo(50355)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1490",
    "datePublished": "2009-05-05T19:00:00",
    "dateReserved": "2009-04-30T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.13.1.2\", \"matchCriteriaId\": \"2820FDAE-AA3F-4452-933C-62B4F174D941\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CA16C02-3B8D-4188-898E-048A93F11ADA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:2.6:*:nt:*:*:*:*:*\", \"matchCriteriaId\": \"3300A5FC-69D9-4F19-AB0E-0273F5ECF45C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF12CC4-C9CD-479A-8F85-8F947B5B60A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:2.6.1:*:nt:*:*:*:*:*\", \"matchCriteriaId\": \"EC340D43-0E4D-4365-A604-9DDF3BD62039\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"623A2E07-2122-4ADE-9932-011DCA4396A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5C563EF-FDED-4193-A66A-06527878BB1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:3.0:*:nt:*:*:*:*:*\", \"matchCriteriaId\": \"E43CBCA0-47B1-4992-A636-A0BF4441B91A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4A267D3-2F49-4E61-B2C9-D8ED2265665E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:3.0.1:*:nt:*:*:*:*:*\", \"matchCriteriaId\": \"2FA4711B-319B-4410-A1B5-C6D8C4B1EC68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7199205A-B914-40A1-9C82-A9698511E3C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:3.0.2:*:nt:*:*:*:*:*\", \"matchCriteriaId\": \"F4981D22-AA6B-4901-95BA-F1BB893828B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEC468AB-8B18-4169-8040-614A32444732\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE4E6D5E-BD37-4F8E-962C-0438C62BEF72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:4.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"111C0FC5-A199-44CA-9512-9E6B12514E42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AFADCBA-DB24-451F-9E1D-FBBEE41C5D52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DFC5B8B-9102-46A9-9BD3-5CC0B671383F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51BC02ED-17B1-44B3-97DB-F626A2BD2524\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF58EBCB-5735-4569-957D-C37CC38F0823\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BBEEC1F-8382-4FEE-9F7F-60A8D9494DBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A34E836-DFF7-404B-9F49-C56DCD81DB4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"624CA3E0-1D02-43C8-9BE2-CDB3651D153F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0006A6D0-E3E5-447E-ABCF-6D6E741ADC06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85996153-65D0-4697-A01B-F6174CE5B4AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"855476CC-21EA-4037-91B7-7B9AAE9E7F82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D30A1136-074A-460D-9794-DDD530626800\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76A9602B-8E5A-4BF4-81F5-D1152D09FCAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFD0B100-D822-4EBF-8EC9-ADAB8141116B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"196D77DF-E6D4-46D0-BC2C-8804A587CA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B743E5A3-6B15-4877-9424-A1F1A4214B73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76A60742-7815-4658-A6F7-147AA48C24B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC773E5-84D2-4084-80DA-EE8423C4925B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A1A24F2-9C6B-4DF0-AB04-55D051812DD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"120271B8-08A9-4C21-A108-0DA61095A006\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84E6ECDA-DF65-47FF-A42F-FD5C1D864FA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AA859AF-4E4E-4077-8E98-523E617A1DDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9791650-C367-43B6-A0F4-5BB56CE10778\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8340DDA8-77DD-4AEB-B267-F86F64A851B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DCBBEE-1DF0-40FE-B755-1FC35CF16788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"581626E7-47B5-4819-B34F-B6DFD07A12F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BBE9A4A-8AB9-4A97-A106-970FEB08952C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B754AD41-90A0-4382-B599-E41289C690A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD99394C-5408-4A01-8D4E-417FFFFDE9C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAB59A24-87DE-4CAD-A2BA-AFCC0B2A55B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*\", \"matchCriteriaId\": \"97D641EF-0B69-45A1-B85E-3C9C93AB9D42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"8972211B-6A5B-4095-9CBB-CEF4C23C9C65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F81A2AD-90A0-4B97-86A3-92690A0FCA71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"598F74BA-2B71-435E-92B8-9DEADB3311A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79A46DF2-8EEB-40C8-B1CA-01BC064BD25E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"581E5904-1A2B-49FF-BE3F-D42019AD816B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6CC4C83-4FB9-4344-AFCB-C260659F81DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAF763B4-58E3-4868-8C92-47DE3E4E5F40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A4FCB77-7FAC-4A4B-851C-2F352B44D3CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FEB3923-8F4B-4523-84F9-17D1CFA37F8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58CD19B4-4BFD-4DE8-B21F-6B6CDE6793C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B82BBB7-CD72-4A33-97D4-B1E51A595323\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C1D6A40-5DD1-481C-AF85-85705FCE3680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC7125C4-64AF-4A3B-BBD6-1A56660A2D90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83AE5BA5-09FF-4AF8-B4E8-4D372A208E2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4E0D099-C149-4923-A06C-200A23CEA943\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en mont\\u00edculo en Sendmail anterior a v8.13.2 permite a atacantes remotos producir una denegaci\\u00f3n de servicio (ca\\u00edda de demonio) y posiblemente  ejecutar c\\u00f3digo de forma arbitraria a trav\\u00e9s de la cabecera X- como se demostr\\u00f3 mediante la cabecera de prueba X-.\"}]",
      "id": "CVE-2009-1490",
      "lastModified": "2024-11-21T01:02:35.073",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-05-05T19:30:00.170",
      "references": "[{\"url\": \"http://www.nmrc.org/~thegnome/blog/apr09/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.sendmail.org/releases/8.13.2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/50355\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.nmrc.org/~thegnome/blog/apr09/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.sendmail.org/releases/8.13.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/50355\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Based on our analysis this issue does not have a security consequence and does not lead to a buffer overflow or denial of service.  For more details of our technical evaluation see\\nhttps://bugzilla.redhat.com/show_bug.cgi?id=499252#c18\", \"lastModified\": \"2009-05-07T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1490\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-05-05T19:30:00.170\",\"lastModified\":\"2024-11-21T01:02:35.073\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en mont\u00edculo en Sendmail anterior a v8.13.2 permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de demonio) y posiblemente  ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de la cabecera X- como se demostr\u00f3 mediante la cabecera de prueba X-.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.13.1.2\",\"matchCriteriaId\":\"2820FDAE-AA3F-4452-933C-62B4F174D941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA16C02-3B8D-4188-898E-048A93F11ADA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:2.6:*:nt:*:*:*:*:*\",\"matchCriteriaId\":\"3300A5FC-69D9-4F19-AB0E-0273F5ECF45C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF12CC4-C9CD-479A-8F85-8F947B5B60A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:2.6.1:*:nt:*:*:*:*:*\",\"matchCriteriaId\":\"EC340D43-0E4D-4365-A604-9DDF3BD62039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623A2E07-2122-4ADE-9932-011DCA4396A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5C563EF-FDED-4193-A66A-06527878BB1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:3.0:*:nt:*:*:*:*:*\",\"matchCriteriaId\":\"E43CBCA0-47B1-4992-A636-A0BF4441B91A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A267D3-2F49-4E61-B2C9-D8ED2265665E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:3.0.1:*:nt:*:*:*:*:*\",\"matchCriteriaId\":\"2FA4711B-319B-4410-A1B5-C6D8C4B1EC68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7199205A-B914-40A1-9C82-A9698511E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:3.0.2:*:nt:*:*:*:*:*\",\"matchCriteriaId\":\"F4981D22-AA6B-4901-95BA-F1BB893828B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEC468AB-8B18-4169-8040-614A32444732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE4E6D5E-BD37-4F8E-962C-0438C62BEF72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:4.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"111C0FC5-A199-44CA-9512-9E6B12514E42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFADCBA-DB24-451F-9E1D-FBBEE41C5D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DFC5B8B-9102-46A9-9BD3-5CC0B671383F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51BC02ED-17B1-44B3-97DB-F626A2BD2524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF58EBCB-5735-4569-957D-C37CC38F0823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BBEEC1F-8382-4FEE-9F7F-60A8D9494DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A34E836-DFF7-404B-9F49-C56DCD81DB4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624CA3E0-1D02-43C8-9BE2-CDB3651D153F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0006A6D0-E3E5-447E-ABCF-6D6E741ADC06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85996153-65D0-4697-A01B-F6174CE5B4AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"855476CC-21EA-4037-91B7-7B9AAE9E7F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D30A1136-074A-460D-9794-DDD530626800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76A9602B-8E5A-4BF4-81F5-D1152D09FCAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFD0B100-D822-4EBF-8EC9-ADAB8141116B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"196D77DF-E6D4-46D0-BC2C-8804A587CA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B743E5A3-6B15-4877-9424-A1F1A4214B73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76A60742-7815-4658-A6F7-147AA48C24B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC773E5-84D2-4084-80DA-EE8423C4925B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A1A24F2-9C6B-4DF0-AB04-55D051812DD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"120271B8-08A9-4C21-A108-0DA61095A006\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84E6ECDA-DF65-47FF-A42F-FD5C1D864FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AA859AF-4E4E-4077-8E98-523E617A1DDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9791650-C367-43B6-A0F4-5BB56CE10778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8340DDA8-77DD-4AEB-B267-F86F64A851B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DCBBEE-1DF0-40FE-B755-1FC35CF16788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"581626E7-47B5-4819-B34F-B6DFD07A12F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBE9A4A-8AB9-4A97-A106-970FEB08952C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B754AD41-90A0-4382-B599-E41289C690A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD99394C-5408-4A01-8D4E-417FFFFDE9C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAB59A24-87DE-4CAD-A2BA-AFCC0B2A55B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*\",\"matchCriteriaId\":\"97D641EF-0B69-45A1-B85E-3C9C93AB9D42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8972211B-6A5B-4095-9CBB-CEF4C23C9C65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F81A2AD-90A0-4B97-86A3-92690A0FCA71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"598F74BA-2B71-435E-92B8-9DEADB3311A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A46DF2-8EEB-40C8-B1CA-01BC064BD25E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"581E5904-1A2B-49FF-BE3F-D42019AD816B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6CC4C83-4FB9-4344-AFCB-C260659F81DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAF763B4-58E3-4868-8C92-47DE3E4E5F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4FCB77-7FAC-4A4B-851C-2F352B44D3CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEB3923-8F4B-4523-84F9-17D1CFA37F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58CD19B4-4BFD-4DE8-B21F-6B6CDE6793C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B82BBB7-CD72-4A33-97D4-B1E51A595323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C1D6A40-5DD1-481C-AF85-85705FCE3680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7125C4-64AF-4A3B-BBD6-1A56660A2D90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83AE5BA5-09FF-4AF8-B4E8-4D372A208E2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4E0D099-C149-4923-A06C-200A23CEA943\"}]}]}],\"references\":[{\"url\":\"http://www.nmrc.org/~thegnome/blog/apr09/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sendmail.org/releases/8.13.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/50355\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.nmrc.org/~thegnome/blog/apr09/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sendmail.org/releases/8.13.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/50355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Based on our analysis this issue does not have a security consequence and does not lead to a buffer overflow or denial of service.  For more details of our technical evaluation see\\nhttps://bugzilla.redhat.com/show_bug.cgi?id=499252#c18\",\"lastModified\":\"2009-05-07T00:00:00\"}]}}"
  }
}

CVE-2009-1490

Vulnerability from fkie_nvd

Published

2009-05-05 19:30

Modified

2024-11-21 01:02

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.nmrc.org/~thegnome/blog/apr09/
cve@mitre.org	http://www.sendmail.org/releases/8.13.2	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/50355
af854a3a-2127-422b-91ae-364da2661108	http://www.nmrc.org/~thegnome/blog/apr09/
af854a3a-2127-422b-91ae-364da2661108	http://www.sendmail.org/releases/8.13.2	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/50355

Impacted products

Vendor	Product	Version
sendmail	sendmail	*
sendmail	sendmail	2.6
sendmail	sendmail	2.6
sendmail	sendmail	2.6.1
sendmail	sendmail	2.6.1
sendmail	sendmail	2.6.2
sendmail	sendmail	3.0
sendmail	sendmail	3.0
sendmail	sendmail	3.0.1
sendmail	sendmail	3.0.1
sendmail	sendmail	3.0.2
sendmail	sendmail	3.0.2
sendmail	sendmail	3.0.3
sendmail	sendmail	4.1
sendmail	sendmail	4.55
sendmail	sendmail	5
sendmail	sendmail	5.59
sendmail	sendmail	5.61
sendmail	sendmail	5.65
sendmail	sendmail	8.6.7
sendmail	sendmail	8.7.6
sendmail	sendmail	8.7.7
sendmail	sendmail	8.7.8
sendmail	sendmail	8.7.9
sendmail	sendmail	8.7.10
sendmail	sendmail	8.8.8
sendmail	sendmail	8.9.0
sendmail	sendmail	8.9.1
sendmail	sendmail	8.9.2
sendmail	sendmail	8.9.3
sendmail	sendmail	8.10
sendmail	sendmail	8.10.0
sendmail	sendmail	8.10.1
sendmail	sendmail	8.10.2
sendmail	sendmail	8.11.0
sendmail	sendmail	8.11.1
sendmail	sendmail	8.11.2
sendmail	sendmail	8.11.3
sendmail	sendmail	8.11.4
sendmail	sendmail	8.11.5
sendmail	sendmail	8.11.6
sendmail	sendmail	8.11.7
sendmail	sendmail	8.12
sendmail	sendmail	8.12
sendmail	sendmail	8.12
sendmail	sendmail	8.12
sendmail	sendmail	8.12
sendmail	sendmail	8.12.0
sendmail	sendmail	8.12.1
sendmail	sendmail	8.12.2
sendmail	sendmail	8.12.3
sendmail	sendmail	8.12.4
sendmail	sendmail	8.12.5
sendmail	sendmail	8.12.6
sendmail	sendmail	8.12.7
sendmail	sendmail	8.12.8
sendmail	sendmail	8.12.9
sendmail	sendmail	8.12.10
sendmail	sendmail	8.12.11
sendmail	sendmail	8.13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2820FDAE-AA3F-4452-933C-62B4F174D941",
              "versionEndIncluding": "8.13.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA16C02-3B8D-4188-898E-048A93F11ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:2.6:*:nt:*:*:*:*:*",
              "matchCriteriaId": "3300A5FC-69D9-4F19-AB0E-0273F5ECF45C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF12CC4-C9CD-479A-8F85-8F947B5B60A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:2.6.1:*:nt:*:*:*:*:*",
              "matchCriteriaId": "EC340D43-0E4D-4365-A604-9DDF3BD62039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "623A2E07-2122-4ADE-9932-011DCA4396A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C563EF-FDED-4193-A66A-06527878BB1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:3.0:*:nt:*:*:*:*:*",
              "matchCriteriaId": "E43CBCA0-47B1-4992-A636-A0BF4441B91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A267D3-2F49-4E61-B2C9-D8ED2265665E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:3.0.1:*:nt:*:*:*:*:*",
              "matchCriteriaId": "2FA4711B-319B-4410-A1B5-C6D8C4B1EC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7199205A-B914-40A1-9C82-A9698511E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:3.0.2:*:nt:*:*:*:*:*",
              "matchCriteriaId": "F4981D22-AA6B-4901-95BA-F1BB893828B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC468AB-8B18-4169-8040-614A32444732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E6D5E-BD37-4F8E-962C-0438C62BEF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:4.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "111C0FC5-A199-44CA-9512-9E6B12514E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFADCBA-DB24-451F-9E1D-FBBEE41C5D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFC5B8B-9102-46A9-9BD3-5CC0B671383F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BC02ED-17B1-44B3-97DB-F626A2BD2524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF58EBCB-5735-4569-957D-C37CC38F0823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BBEEC1F-8382-4FEE-9F7F-60A8D9494DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A34E836-DFF7-404B-9F49-C56DCD81DB4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "624CA3E0-1D02-43C8-9BE2-CDB3651D153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0006A6D0-E3E5-447E-ABCF-6D6E741ADC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "85996153-65D0-4697-A01B-F6174CE5B4AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "855476CC-21EA-4037-91B7-7B9AAE9E7F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30A1136-074A-460D-9794-DDD530626800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A9602B-8E5A-4BF4-81F5-D1152D09FCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD0B100-D822-4EBF-8EC9-ADAB8141116B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "196D77DF-E6D4-46D0-BC2C-8804A587CA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B743E5A3-6B15-4877-9424-A1F1A4214B73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A60742-7815-4658-A6F7-147AA48C24B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC773E5-84D2-4084-80DA-EE8423C4925B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A1A24F2-9C6B-4DF0-AB04-55D051812DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "120271B8-08A9-4C21-A108-0DA61095A006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E6ECDA-DF65-47FF-A42F-FD5C1D864FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AA859AF-4E4E-4077-8E98-523E617A1DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9791650-C367-43B6-A0F4-5BB56CE10778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8340DDA8-77DD-4AEB-B267-F86F64A851B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DCBBEE-1DF0-40FE-B755-1FC35CF16788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "581626E7-47B5-4819-B34F-B6DFD07A12F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBE9A4A-8AB9-4A97-A106-970FEB08952C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B754AD41-90A0-4382-B599-E41289C690A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "BD99394C-5408-4A01-8D4E-417FFFFDE9C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "AAB59A24-87DE-4CAD-A2BA-AFCC0B2A55B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
              "matchCriteriaId": "97D641EF-0B69-45A1-B85E-3C9C93AB9D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "8972211B-6A5B-4095-9CBB-CEF4C23C9C65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "8F81A2AD-90A0-4B97-86A3-92690A0FCA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "598F74BA-2B71-435E-92B8-9DEADB3311A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A46DF2-8EEB-40C8-B1CA-01BC064BD25E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "581E5904-1A2B-49FF-BE3F-D42019AD816B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CC4C83-4FB9-4344-AFCB-C260659F81DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAF763B4-58E3-4868-8C92-47DE3E4E5F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4FCB77-7FAC-4A4B-851C-2F352B44D3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FEB3923-8F4B-4523-84F9-17D1CFA37F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "58CD19B4-4BFD-4DE8-B21F-6B6CDE6793C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B82BBB7-CD72-4A33-97D4-B1E51A595323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C1D6A40-5DD1-481C-AF85-85705FCE3680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7125C4-64AF-4A3B-BBD6-1A56660A2D90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AE5BA5-09FF-4AF8-B4E8-4D372A208E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E0D099-C149-4923-A06C-200A23CEA943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Sendmail anterior a v8.13.2 permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de demonio) y posiblemente  ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de la cabecera X- como se demostr\u00f3 mediante la cabecera de prueba X-."
    }
  ],
  "id": "CVE-2009-1490",
  "lastModified": "2024-11-21T01:02:35.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-05T19:30:00.170",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.nmrc.org/~thegnome/blog/apr09/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sendmail.org/releases/8.13.2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nmrc.org/~thegnome/blog/apr09/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sendmail.org/releases/8.13.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Based on our analysis this issue does not have a security consequence and does not lead to a buffer overflow or denial of service.  For more details of our technical evaluation see\nhttps://bugzilla.redhat.com/show_bug.cgi?id=499252#c18",
      "lastModified": "2009-05-07T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2009-1490

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-1490

Aliases

CVE-2009-1490

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1490",
    "description": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.",
    "id": "GSD-2009-1490",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1490.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1490"
      ],
      "details": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.",
      "id": "GSD-2009-1490",
      "modified": "2023-12-13T01:19:47.908542Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1490",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.sendmail.org/releases/8.13.2",
            "refsource": "CONFIRM",
            "url": "http://www.sendmail.org/releases/8.13.2"
          },
          {
            "name": "http://www.nmrc.org/~thegnome/blog/apr09/",
            "refsource": "MISC",
            "url": "http://www.nmrc.org/~thegnome/blog/apr09/"
          },
          {
            "name": "sendmail-xheader-bo(50355)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.1:*:nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6:*:nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0:*:nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:4.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.2:*:nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.1:*:nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.13.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1490"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sendmail.org/releases/8.13.2",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.sendmail.org/releases/8.13.2"
            },
            {
              "name": "http://www.nmrc.org/~thegnome/blog/apr09/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.nmrc.org/~thegnome/blog/apr09/"
            },
            {
              "name": "sendmail-xheader-bo(50355)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:30Z",
      "publishedDate": "2009-05-05T19:30Z"
    }
  }
}

ghsa-qhrf-mg36-grcm

Vulnerability from github

Published

2022-05-02 03:25

Modified

2022-05-02 03:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-05T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.",
  "id": "GHSA-qhrf-mg36-grcm",
  "modified": "2022-05-02T03:25:41Z",
  "published": "2022-05-02T03:25:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1490"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50355"
    },
    {
      "type": "WEB",
      "url": "http://www.nmrc.org/~thegnome/blog/apr09"
    },
    {
      "type": "WEB",
      "url": "http://www.sendmail.org/releases/8.13.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-1490

Vulnerability from cvelistv5

CVE-2009-1490

Vulnerability from fkie_nvd

gsd-2009-1490

Vulnerability from gsd

ghsa-qhrf-mg36-grcm

Vulnerability from github

Tags

Sightings

Nomenclature