CVE-1999-0204

Sendmail 8.6.9 - Remote Command Execution via Ident

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0204. PoCs published by CIAC.

AI-analyzed exploit summary This exploit targets a vulnerability in sendmail 8.6.9's IDENT function to achieve remote command execution. It sets up a fake identd service to intercept and manipulate sendmail's IDENT query, injecting commands into the mail processing pipeline.

Description

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CIAC · bashremoteunix

https://www.exploit-db.com/exploits/20599

View Code ZIP pw:eip

This exploit targets a vulnerability in sendmail 8.6.9's IDENT function to achieve remote command execution. It sets up a fake identd service to intercept and manipulate sendmail's IDENT query, injecting commands into the mail processing pipeline.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: sendmail 8.6.9

No auth needed

Prerequisites: Port 113 (identd) must be free on the attacker's machine · Target must be running sendmail 8.6.9 · An unreachable MX host must be configured

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0204

Scores

EPSS 0.0867

EPSS Percentile 94.4%

Details

Status published

Products (1)

eric_allman/sendmail 8.6.9

Published Jan 01, 1997

Tracked Since Feb 18, 2026