ID CVE-2002-1337
Summary Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
References
Vulnerable Configurations
  • Sendmail Sendmail Advanced Message Server 1.2
    cpe:2.3:a:sendmail:advanced_message_server:1.2
  • Sendmail Sendmail Advanced Message Server 1.3
    cpe:2.3:a:sendmail:advanced_message_server:1.3
  • cpe:2.3:a:sendmail:sendmail:2.6:-:nt
    cpe:2.3:a:sendmail:sendmail:2.6:-:nt
  • cpe:2.3:a:sendmail:sendmail:2.6.1:-:nt
    cpe:2.3:a:sendmail:sendmail:2.6.1:-:nt
  • cpe:2.3:a:sendmail:sendmail:3.0:-:nt
    cpe:2.3:a:sendmail:sendmail:3.0:-:nt
  • cpe:2.3:a:sendmail:sendmail:3.0.1:-:nt
    cpe:2.3:a:sendmail:sendmail:3.0.1:-:nt
  • cpe:2.3:a:sendmail:sendmail:3.0.2:-:nt
    cpe:2.3:a:sendmail:sendmail:3.0.2:-:nt
  • cpe:2.3:a:sendmail:sendmail:5.59
    cpe:2.3:a:sendmail:sendmail:5.59
  • cpe:2.3:a:sendmail:sendmail:5.61
    cpe:2.3:a:sendmail:sendmail:5.61
  • cpe:2.3:a:sendmail:sendmail:5.65
    cpe:2.3:a:sendmail:sendmail:5.65
  • Sendmail Sendmail 8.8.8
    cpe:2.3:a:sendmail:sendmail:8.8.8
  • Sendmail Sendmail 8.9.0
    cpe:2.3:a:sendmail:sendmail:8.9.0
  • Sendmail Sendmail 8.9.1
    cpe:2.3:a:sendmail:sendmail:8.9.1
  • Sendmail Sendmail 8.9.2
    cpe:2.3:a:sendmail:sendmail:8.9.2
  • Sendmail Sendmail 8.9.3
    cpe:2.3:a:sendmail:sendmail:8.9.3
  • Sendmail Sendmail 8.10
    cpe:2.3:a:sendmail:sendmail:8.10
  • Sendmail Sendmail 8.10.1
    cpe:2.3:a:sendmail:sendmail:8.10.1
  • Sendmail Sendmail 8.10.2
    cpe:2.3:a:sendmail:sendmail:8.10.2
  • Sendmail Sendmail 8.11
    cpe:2.3:a:sendmail:sendmail:8.11.0
  • Sendmail Sendmail 8.11.1
    cpe:2.3:a:sendmail:sendmail:8.11.1
  • Sendmail Sendmail 8.11.2
    cpe:2.3:a:sendmail:sendmail:8.11.2
  • Sendmail Sendmail 8.11.3
    cpe:2.3:a:sendmail:sendmail:8.11.3
  • Sendmail Sendmail 8.11.4
    cpe:2.3:a:sendmail:sendmail:8.11.4
  • Sendmail Sendmail 8.11.5
    cpe:2.3:a:sendmail:sendmail:8.11.5
  • Sendmail Sendmail 8.11.6
    cpe:2.3:a:sendmail:sendmail:8.11.6
  • Sendmail Sendmail 8.12 Beta10
    cpe:2.3:a:sendmail:sendmail:8.12:beta10
  • Sendmail Sendmail 8.12 Beta12
    cpe:2.3:a:sendmail:sendmail:8.12:beta12
  • Sendmail Sendmail 8.12 Beta16
    cpe:2.3:a:sendmail:sendmail:8.12:beta16
  • Sendmail Sendmail 8.12 Beta5
    cpe:2.3:a:sendmail:sendmail:8.12:beta5
  • Sendmail Sendmail 8.12 beta7
    cpe:2.3:a:sendmail:sendmail:8.12:beta7
  • Sendmail Sendmail 8.12.0
    cpe:2.3:a:sendmail:sendmail:8.12.0
  • Sendmail Sendmail 8.12.1
    cpe:2.3:a:sendmail:sendmail:8.12.1
  • Sendmail Sendmail 8.12.2
    cpe:2.3:a:sendmail:sendmail:8.12.2
  • Sendmail Sendmail 8.12.3
    cpe:2.3:a:sendmail:sendmail:8.12.3
  • Sendmail Sendmail 8.12.4
    cpe:2.3:a:sendmail:sendmail:8.12.4
  • Sendmail Sendmail 8.12.5
    cpe:2.3:a:sendmail:sendmail:8.12.5
  • Sendmail Sendmail 8.12.6
    cpe:2.3:a:sendmail:sendmail:8.12.6
  • Sendmail Sendmail 8.12.7
    cpe:2.3:a:sendmail:sendmail:8.12.7
  • cpe:2.3:a:sendmail:sendmail_switch:2.1
    cpe:2.3:a:sendmail:sendmail_switch:2.1
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.1
    cpe:2.3:a:sendmail:sendmail_switch:2.1.1
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.2
    cpe:2.3:a:sendmail:sendmail_switch:2.1.2
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.3
    cpe:2.3:a:sendmail:sendmail_switch:2.1.3
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.4
    cpe:2.3:a:sendmail:sendmail_switch:2.1.4
  • cpe:2.3:a:sendmail:sendmail_switch:2.2
    cpe:2.3:a:sendmail:sendmail_switch:2.2
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.1
    cpe:2.3:a:sendmail:sendmail_switch:2.2.1
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.2
    cpe:2.3:a:sendmail:sendmail_switch:2.2.2
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.3
    cpe:2.3:a:sendmail:sendmail_switch:2.2.3
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.4
    cpe:2.3:a:sendmail:sendmail_switch:2.2.4
  • cpe:2.3:a:sendmail:sendmail_switch:3.0
    cpe:2.3:a:sendmail:sendmail_switch:3.0
  • cpe:2.3:a:sendmail:sendmail_switch:3.0.1
    cpe:2.3:a:sendmail:sendmail_switch:3.0.1
  • cpe:2.3:a:sendmail:sendmail_switch:3.0.2
    cpe:2.3:a:sendmail:sendmail_switch:3.0.2
  • cpe:2.3:a:sgi:freeware:1.0
    cpe:2.3:a:sgi:freeware:1.0
  • Gentoo Linux 1.4 rc1
    cpe:2.3:o:gentoo:linux:1.4:rc1
  • Gentoo Linux 1.4 rc2
    cpe:2.3:o:gentoo:linux:1.4:rc2
  • HP HP-UX 10.10
    cpe:2.3:o:hp:hp-ux:10.10
  • HP HP-UX 10.20
    cpe:2.3:o:hp:hp-ux:10.20
  • HP-UX 11.00
    cpe:2.3:o:hp:hp-ux:11.00
  • HP HP-UX 11.0.4
    cpe:2.3:o:hp:hp-ux:11.0.4
  • HP-UX 11.11
    cpe:2.3:o:hp:hp-ux:11.11
  • HP-UX 11i v1.6
    cpe:2.3:o:hp:hp-ux:11.22
  • NetBSD 1.5
    cpe:2.3:o:netbsd:netbsd:1.5
  • NetBSD 1.5.1
    cpe:2.3:o:netbsd:netbsd:1.5.1
  • NetBSD 1.5.2
    cpe:2.3:o:netbsd:netbsd:1.5.2
  • NetBSD 1.5.3
    cpe:2.3:o:netbsd:netbsd:1.5.3
  • NetBSD 1.6
    cpe:2.3:o:netbsd:netbsd:1.6
  • Sun Solaris 2.6
    cpe:2.3:o:sun:solaris:2.6
  • cpe:2.3:o:sun:solaris:7.0:-:x86
    cpe:2.3:o:sun:solaris:7.0:-:x86
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:9.0:-:x86
    cpe:2.3:o:sun:solaris:9.0:-:x86
  • Sun SunOS (formerly Solaris)
    cpe:2.3:o:sun:sunos
  • Sun Microsystems Solaris 7
    cpe:2.3:o:sun:sunos:5.7
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
  • Wind River Systems BSD 4.2
    cpe:2.3:o:windriver:bsdos:4.2
  • Wind River Systems BSD 4.3.1
    cpe:2.3:o:windriver:bsdos:4.3.1
  • Wind River Systems BSD 5.0
    cpe:2.3:o:windriver:bsdos:5.0
  • Wind River Systems Platform SA 1.0
    cpe:2.3:o:windriver:platform_sa:1.0
  • HP AlphaServer SC
    cpe:2.3:h:hp:alphaserver_sc
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (2). CVE-2002-1337. Remote exploit for unix platform
    id EDB-ID:22314
    last seen 2016-02-02
    modified 2003-03-02
    published 2003-03-02
    reporter bysin
    source https://www.exploit-db.com/download/22314/
    title Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability 2
  • description Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (1). CVE-2002-1337. Remote exploit for unix platform
    id EDB-ID:22313
    last seen 2016-02-02
    modified 2003-03-02
    published 2003-03-02
    reporter Last Stage of Delirium
    source https://www.exploit-db.com/download/22313/
    title Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability 1
  • description Sendmail 8.11.x Exploit (i386-Linux). CVE-2002-1337. Local exploit for linux platform
    id EDB-ID:411
    last seen 2016-01-31
    modified 2001-01-01
    published 2001-01-01
    reporter sd
    source https://www.exploit-db.com/download/411/
    title Sendmail 8.11.x - Exploit i386-Linux
nessus via4
  • NASL family AIX Local Security Checks
    NASL id AIX_IY40501.NASL
    description The remote host is missing AIX Critical Security Patch number IY40501 (SECURITY: buffer overflow in sendmail). You should install this patch for your system to be up-to-date.
    last seen 2019-02-21
    modified 2017-04-27
    plugin id 14612
    published 2004-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14612
    title AIX 5.1 : IY40501
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-257.NASL
    description Mark Dowd of ISS X-Force found a bug in the header parsing routines of sendmail: it could overflow a buffer overflow when encountering addresses with very long comments. Since sendmail also parses headers when forwarding emails this vulnerability can hit mail-servers which do not deliver the email as well.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15094
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15094
    title Debian DSA-257-1 : sendmail - remote exploit
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29526.NASL
    description s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen 2019-02-21
    modified 2017-04-27
    plugin id 16898
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16898
    title HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-028.NASL
    description A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14012
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14012
    title Mandrake Linux Security Advisory : sendmail (MDKSA-2003:028)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_28409.NASL
    description s700_800 11.22 sendmail(1m) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code. - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen 2019-02-21
    modified 2017-04-27
    plugin id 16634
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16634
    title HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35483.NASL
    description s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26133
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26133
    title HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch
  • NASL family SMTP problems
    NASL id SENDMAIL_HEADER.NASL
    description The remote Sendmail server, according to its version number, may be affected by a remote buffer overflow allowing remote users to gain root privileges. Sendmail versions from 5.79 to 8.12.7 are affected. *** Nessus reports this vulnerability using only *** the banner of the remote SMTP server. Therefore, *** this might be a false positive.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 11316
    published 2003-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11316
    title Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow
  • NASL family SMTP problems
    NASL id SHN_SENDMAIL_DOUBLEPIPE.NASL
    description smrsh (supplied by Sendmail) is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (||) or a mixture of dot and slash characters, a user may be able to bypass the checks performed by smrsh. This can lead to the execution of commands outside of the restricted environment. In addition, a function in headers.c does not properly sanitize input supplied via the 'Address Field' causing an exploitable buffer overflow condition. However, Nessus has not checked for this.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 11321
    published 2003-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11321
    title Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2003-074.NASL
    description Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. [Updated March 18 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions. During a code audit of Sendmail by ISS, a critical vulnerability was uncovered that affects unpatched versions of Sendmail prior to version 8.12.8. A remote attacker can send a carefully crafted email message which, when processed by sendmail, causes arbitrary code to be executed as root. We are advised that a proof-of-concept exploit is known to exist, but is not believed to be in the wild. Since this is a message-based vulnerability, MTAs other than Sendmail may pass on the carefully crafted message. This means that unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly. All users are advised to update to these erratum packages which contain a backported patch to correct this vulnerability. Red Hat would like to thank Eric Allman for his assistance with this vulnerability.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12372
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12372
    title RHEL 2.1 : sendmail (RHSA-2003:074)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35484.NASL
    description s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26134
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26134
    title HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch
oval via4
accepted 2005-06-01T03:30:00.000-04:00
class vulnerability
contributors
name Brian Soby
organization The MITRE Corporation
description Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
family unix
id oval:org.mitre.oval:def:2222
status accepted
submitted 2005-04-13T12:00:00.000-04:00
title Sendmail Address Processor Buffer Overflow
version 31
redhat via4
advisories
  • rhsa
    id RHSA-2003:073
  • rhsa
    id RHSA-2003:074
  • rhsa
    id RHSA-2003:227
refmap via4
aixapar
  • IY40500
  • IY40501
  • IY40502
bid 6991
bugtraq
  • 20030303 Fwd: APPLE-SA-2003-03-03 sendmail
  • 20030303 sendmail 8.12.8 available
  • 20030304 GLSA: sendmail (200303-4)
  • 20030304 [LSD] Technical analysis of the remote sendmail vulnerability
caldera
  • CSSA-2003-SCO.5
  • CSSA-2003-SCO.6
cert CA-2003-07
cert-vn VU#398025
conectiva CLA-2003:571
confirm http://www.sendmail.org/8.12.8.html
debian DSA-257
freebsd FreeBSD-SA-03:04
hp HPSBUX0302-246
iss 20030303 Remote Sendmail Header Processing Vulnerability
mandrake MDKSA-2003:028
netbsd NetBSD-SA2003-002
sgi 20030301-01-P
suse SuSE-SA:2003:013
xf sendmail-header-processing-bo(10748)
Last major update 17-10-2016 - 22:26
Published 07-03-2003 - 00:00
Last modified 30-10-2018 - 12:26
Back to Top