Details of VAR-199804-0010

ID

VAR-199804-0010

CVE

CVE-1999-0098

TITLE

apple's AppleShare Vulnerabilities in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-1998-000021

DESCRIPTION

Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. apple's AppleShare Unspecified vulnerabilities exist in products from multiple vendors.None. The issue presents itself due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. A remote attacker may exploit this condition to trigger a denial-of-service in the affected daemon. Sendmail 8.8.8 is affected; earlier versions may also be vulnerable

Trust: 1.98

sources: NVD: CVE-1999-0098 // JVNDB: JVNDB-1998-000021 // BID: 49431 // VULHUB: VHN-98

AFFECTED PRODUCTS

vendor:	pmail	model:	mercury mail server	scope:	eq	version:	-	Trust: 1.6
vendor:	apple	model:	appleshare	scope:	eq	version:	-	Trust: 1.0
vendor:	seattlelab	model:	slmail	scope:	eq	version:	2.6	Trust: 1.0
vendor:	seattlelab	model:	slmail	scope:	-	version:	-	Trust: 0.8
vendor:	pegasus mail	model:	mercury mail transport system	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	appleshare	scope:	eq	version:	-	Trust: 0.8
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.14.4	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.14.3	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.8	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.7	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.6	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.5	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.4	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.3	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.2	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.13.1	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.11	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.10	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.9	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.8	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.7	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.6	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.5	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.4	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.3	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.2	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.1	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail beta7	scope:	eq	version:	8.12	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail beta5	scope:	eq	version:	8.12	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail beta16	scope:	eq	version:	8.12	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail beta12	scope:	eq	version:	8.12	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail beta10	scope:	eq	version:	8.12	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.12.0	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11.7	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11.6	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11.5	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11.4	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11.3	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11.2	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11.1	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.11	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.10.2	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.10.1	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.10	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	8.8.8	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	5.65	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	5.61	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	5.59	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	4.55	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	eq	version:	4.1	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.11	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.10.1	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.10	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.8.5	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.8.4	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.8.3	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.8.2	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.8.1	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.8.x	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.8	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.7.6	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.7.5	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.7.4	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.7.3	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.7.2	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.7.1	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.7.x	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.6.10	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.6.9	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	8.6.x	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	5.59	Trust: 0.3
vendor:	eric	model:	allman sendmail	scope:	eq	version:	5.58	Trust: 0.3
vendor:	sendmail	model:	consortium sendmail	scope:	ne	version:	8.9.0	Trust: 0.3

sources: BID: 49431 // JVNDB: JVNDB-1998-000021 // CNNVD: CNNVD-199804-003 // NVD: CVE-1999-0098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0098
value:	HIGH
Trust: 1.0
NVD:	CVE-1999-0098
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-199804-003
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-98
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-0098
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-98
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-98 // JVNDB: JVNDB-1998-000021 // CNNVD: CNNVD-199804-003 // NVD: CVE-1999-0098

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-1998-000021 // NVD: CVE-1999-0098

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199804-003

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199804-003

PATCH

title:

top page

url:

https://www.pmail.com/overviews/ovw_mercwin.htm

Trust: 0.8

sources: JVNDB: JVNDB-1998-000021

EXTERNAL IDS

db:	NVD	id:	CVE-1999-0098	Trust: 3.6
db:	JVNDB	id:	JVNDB-1998-000021	Trust: 0.8
db:	CNNVD	id:	CNNVD-199804-003	Trust: 0.7
db:	BID	id:	49431	Trust: 0.4
db:	VULHUB	id:	VHN-98	Trust: 0.1

sources: VULHUB: VHN-98 // BID: 49431 // JVNDB: JVNDB-1998-000021 // CNNVD: CNNVD-199804-003 // NVD: CVE-1999-0098

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-1999-0098	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-1999-0098	Trust: 0.8
url:	http://marc.info/?l=bugtraq&m=90221101925991&w=2	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=90221101926003&w=2	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-98 // BID: 49431 // JVNDB: JVNDB-1998-000021 // CNNVD: CNNVD-199804-003 // NVD: CVE-1999-0098

CREDITS

rootshell.com

Trust: 0.3

sources: BID: 49431

SOURCES

db:	VULHUB	id:	VHN-98
db:	BID	id:	49431
db:	JVNDB	id:	JVNDB-1998-000021
db:	CNNVD	id:	CNNVD-199804-003
db:	NVD	id:	CVE-1999-0098

LAST UPDATE DATE

2024-08-14T14:54:01.872000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-98	date:	2018-01-08T00:00:00
db:	BID	id:	49431	date:	1998-04-01T00:00:00
db:	JVNDB	id:	JVNDB-1998-000021	date:	2024-05-13T09:05:00
db:	CNNVD	id:	CNNVD-199804-003	date:	2022-08-18T00:00:00
db:	NVD	id:	CVE-1999-0098	date:	2022-08-17T07:15:10.917

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-98	date:	1998-04-01T00:00:00
db:	BID	id:	49431	date:	1998-04-01T00:00:00
db:	JVNDB	id:	JVNDB-1998-000021	date:	2024-05-13T00:00:00
db:	CNNVD	id:	CNNVD-199804-003	date:	1998-04-01T00:00:00
db:	NVD	id:	CVE-1999-0098	date:	1998-04-01T05:00:00