ID CVE-2003-0694
Summary The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
References
Vulnerable Configurations
  • Sendmail Sendmail Advanced Message Server 1.2
    cpe:2.3:a:sendmail:advanced_message_server:1.2
  • Sendmail Sendmail Advanced Message Server 1.3
    cpe:2.3:a:sendmail:advanced_message_server:1.3
  • Sendmail Sendmail 2.6
    cpe:2.3:a:sendmail:sendmail:2.6
  • Sendmail Sendmail 2.6.1
    cpe:2.3:a:sendmail:sendmail:2.6.1
  • Sendmail Sendmail 2.6.2
    cpe:2.3:a:sendmail:sendmail:2.6.2
  • Sendmail Sendmail 3.0
    cpe:2.3:a:sendmail:sendmail:3.0
  • Sendmail Sendmail 3.0.1
    cpe:2.3:a:sendmail:sendmail:3.0.1
  • Sendmail Sendmail 3.0.2
    cpe:2.3:a:sendmail:sendmail:3.0.2
  • Sendmail Sendmail 3.0.3
    cpe:2.3:a:sendmail:sendmail:3.0.3
  • Sendmail Sendmail 8.8.8
    cpe:2.3:a:sendmail:sendmail:8.8.8
  • Sendmail Sendmail 8.9.0
    cpe:2.3:a:sendmail:sendmail:8.9.0
  • Sendmail Sendmail 8.9.1
    cpe:2.3:a:sendmail:sendmail:8.9.1
  • Sendmail Sendmail 8.9.2
    cpe:2.3:a:sendmail:sendmail:8.9.2
  • Sendmail Sendmail 8.9.3
    cpe:2.3:a:sendmail:sendmail:8.9.3
  • Sendmail Sendmail 8.10
    cpe:2.3:a:sendmail:sendmail:8.10
  • Sendmail Sendmail 8.10.1
    cpe:2.3:a:sendmail:sendmail:8.10.1
  • Sendmail Sendmail 8.10.2
    cpe:2.3:a:sendmail:sendmail:8.10.2
  • Sendmail Sendmail 8.11
    cpe:2.3:a:sendmail:sendmail:8.11.0
  • Sendmail Sendmail 8.11.1
    cpe:2.3:a:sendmail:sendmail:8.11.1
  • Sendmail Sendmail 8.11.2
    cpe:2.3:a:sendmail:sendmail:8.11.2
  • Sendmail Sendmail 8.11.3
    cpe:2.3:a:sendmail:sendmail:8.11.3
  • Sendmail Sendmail 8.11.4
    cpe:2.3:a:sendmail:sendmail:8.11.4
  • Sendmail Sendmail 8.11.5
    cpe:2.3:a:sendmail:sendmail:8.11.5
  • Sendmail Sendmail 8.11.6
    cpe:2.3:a:sendmail:sendmail:8.11.6
  • Sendmail Sendmail 8.12 Beta10
    cpe:2.3:a:sendmail:sendmail:8.12:beta10
  • Sendmail Sendmail 8.12 Beta12
    cpe:2.3:a:sendmail:sendmail:8.12:beta12
  • Sendmail Sendmail 8.12 Beta16
    cpe:2.3:a:sendmail:sendmail:8.12:beta16
  • Sendmail Sendmail 8.12 Beta5
    cpe:2.3:a:sendmail:sendmail:8.12:beta5
  • Sendmail Sendmail 8.12 beta7
    cpe:2.3:a:sendmail:sendmail:8.12:beta7
  • Sendmail Sendmail 8.12.0
    cpe:2.3:a:sendmail:sendmail:8.12.0
  • Sendmail Sendmail 8.12.1
    cpe:2.3:a:sendmail:sendmail:8.12.1
  • Sendmail Sendmail 8.12.2
    cpe:2.3:a:sendmail:sendmail:8.12.2
  • Sendmail Sendmail 8.12.3
    cpe:2.3:a:sendmail:sendmail:8.12.3
  • Sendmail Sendmail 8.12.4
    cpe:2.3:a:sendmail:sendmail:8.12.4
  • Sendmail Sendmail 8.12.5
    cpe:2.3:a:sendmail:sendmail:8.12.5
  • Sendmail Sendmail 8.12.6
    cpe:2.3:a:sendmail:sendmail:8.12.6
  • Sendmail Sendmail 8.12.7
    cpe:2.3:a:sendmail:sendmail:8.12.7
  • Sendmail Sendmail 8.12.8
    cpe:2.3:a:sendmail:sendmail:8.12.8
  • Sendmail Sendmail 8.12.9
    cpe:2.3:a:sendmail:sendmail:8.12.9
  • Sendmail Sendmail Pro 8.9.2
    cpe:2.3:a:sendmail:sendmail_pro:8.9.2
  • Sendmail Sendmail Pro 8.9.3
    cpe:2.3:a:sendmail:sendmail_pro:8.9.3
  • cpe:2.3:a:sendmail:sendmail_switch:2.1
    cpe:2.3:a:sendmail:sendmail_switch:2.1
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.1
    cpe:2.3:a:sendmail:sendmail_switch:2.1.1
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.2
    cpe:2.3:a:sendmail:sendmail_switch:2.1.2
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.3
    cpe:2.3:a:sendmail:sendmail_switch:2.1.3
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.4
    cpe:2.3:a:sendmail:sendmail_switch:2.1.4
  • cpe:2.3:a:sendmail:sendmail_switch:2.1.5
    cpe:2.3:a:sendmail:sendmail_switch:2.1.5
  • cpe:2.3:a:sendmail:sendmail_switch:2.2
    cpe:2.3:a:sendmail:sendmail_switch:2.2
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.1
    cpe:2.3:a:sendmail:sendmail_switch:2.2.1
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.2
    cpe:2.3:a:sendmail:sendmail_switch:2.2.2
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.3
    cpe:2.3:a:sendmail:sendmail_switch:2.2.3
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.4
    cpe:2.3:a:sendmail:sendmail_switch:2.2.4
  • cpe:2.3:a:sendmail:sendmail_switch:2.2.5
    cpe:2.3:a:sendmail:sendmail_switch:2.2.5
  • cpe:2.3:a:sendmail:sendmail_switch:3.0
    cpe:2.3:a:sendmail:sendmail_switch:3.0
  • cpe:2.3:a:sendmail:sendmail_switch:3.0.1
    cpe:2.3:a:sendmail:sendmail_switch:3.0.1
  • cpe:2.3:a:sendmail:sendmail_switch:3.0.2
    cpe:2.3:a:sendmail:sendmail_switch:3.0.2
  • cpe:2.3:a:sendmail:sendmail_switch:3.0.3
    cpe:2.3:a:sendmail:sendmail_switch:3.0.3
  • SGI IRIX 6.5.15
    cpe:2.3:o:sgi:irix:6.5.15
  • SGI IRIX 6.5.16
    cpe:2.3:o:sgi:irix:6.5.16
  • SGI IRIX 6.5.17f
    cpe:2.3:o:sgi:irix:6.5.17f
  • SGI IRIX 6.5.17m
    cpe:2.3:o:sgi:irix:6.5.17m
  • SGI IRIX 6.5.18f
    cpe:2.3:o:sgi:irix:6.5.18f
  • SGI IRIX 6.5.18m
    cpe:2.3:o:sgi:irix:6.5.18m
  • SGI IRIX 6.5.19f
    cpe:2.3:o:sgi:irix:6.5.19f
  • SGI IRIX 6.5.19m
    cpe:2.3:o:sgi:irix:6.5.19m
  • SGI IRIX 6.5.20f
    cpe:2.3:o:sgi:irix:6.5.20f
  • SGI IRIX 6.5.20m
    cpe:2.3:o:sgi:irix:6.5.20m
  • SGI IRIX 6.5.21f
    cpe:2.3:o:sgi:irix:6.5.21f
  • SGI IRIX 6.5.21m
    cpe:2.3:o:sgi:irix:6.5.21m
  • Apple Mac OS X 10.2
    cpe:2.3:o:apple:mac_os_x:10.2
  • Apple Mac OS X 10.2.1
    cpe:2.3:o:apple:mac_os_x:10.2.1
  • Apple Mac OS X 10.2.2
    cpe:2.3:o:apple:mac_os_x:10.2.2
  • Apple Mac OS X 10.2.3
    cpe:2.3:o:apple:mac_os_x:10.2.3
  • Apple Mac OS X 10.2.4
    cpe:2.3:o:apple:mac_os_x:10.2.4
  • Apple Mac OS X 10.2.5
    cpe:2.3:o:apple:mac_os_x:10.2.5
  • Apple Mac OS X 10.2.6
    cpe:2.3:o:apple:mac_os_x:10.2.6
  • Apple Mac OS X Server 10.2
    cpe:2.3:o:apple:mac_os_x_server:10.2
  • Apple Mac OS X Server 10.2.1
    cpe:2.3:o:apple:mac_os_x_server:10.2.1
  • Apple Mac OS X Server 10.2.2
    cpe:2.3:o:apple:mac_os_x_server:10.2.2
  • Apple Mac OS X Server 10.2.3
    cpe:2.3:o:apple:mac_os_x_server:10.2.3
  • Apple Mac OS X Server 10.2.4
    cpe:2.3:o:apple:mac_os_x_server:10.2.4
  • Apple Mac OS X Server 10.2.5
    cpe:2.3:o:apple:mac_os_x_server:10.2.5
  • Apple Mac OS X Server 10.2.6
    cpe:2.3:o:apple:mac_os_x_server:10.2.6
  • Compaq Tru64 4.0f
    cpe:2.3:o:compaq:tru64:4.0f
  • Compaq Tru64 4.0f PK6_BL17
    cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17
  • Compaq Tru64 4.0f PK7_BL18
    cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18
  • Compaq Tru64 4.0f PK8_BL22
    cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22
  • Compaq Tru64 4.0g
    cpe:2.3:o:compaq:tru64:4.0g
  • Compaq Tru64 4.0g PK3_BL17
    cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17
  • Compaq Tru64 4.0g PK4_BL22
    cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22
  • Compaq Tru64 5.1
    cpe:2.3:o:compaq:tru64:5.1
  • Compaq Tru64 5.1 PK3_BL17
    cpe:2.3:o:compaq:tru64:5.1_pk3_bl17
  • Compaq Tru64 5.1 PK4_BL18
    cpe:2.3:o:compaq:tru64:5.1_pk4_bl18
  • Compaq Tru64 5.1 PK5_BL19
    cpe:2.3:o:compaq:tru64:5.1_pk5_bl19
  • Compaq Tru64 5.1 PK6_BL20
    cpe:2.3:o:compaq:tru64:5.1_pk6_bl20
  • Compaq Tru64 5.1a
    cpe:2.3:o:compaq:tru64:5.1a
  • Compaq Tru64 5.1a PK1_BL1
    cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1
  • Compaq Tru64 5.1a PK2_BL2
    cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2
  • Compaq Tru64 5.1a PK3_BL3
    cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3
  • Compaq Tru64 5.1a PK4_BL21
    cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21
  • Compaq Tru64 5.1a PK5_BL23
    cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23
  • Compaq Tru64 5.1b
    cpe:2.3:o:compaq:tru64:5.1b
  • Compaq Tru64 5.1b PK1_BL1
    cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1
  • Compaq Tru64 5.1b PK2_BL22
    cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22
  • cpe:2.3:o:freebsd:freebsd:3.0:releng
    cpe:2.3:o:freebsd:freebsd:3.0:releng
  • cpe:2.3:o:freebsd:freebsd:4.0:releng
    cpe:2.3:o:freebsd:freebsd:4.0:releng
  • cpe:2.3:o:freebsd:freebsd:4.3:release_p38
    cpe:2.3:o:freebsd:freebsd:4.3:release_p38
  • cpe:2.3:o:freebsd:freebsd:4.3:releng
    cpe:2.3:o:freebsd:freebsd:4.3:releng
  • cpe:2.3:o:freebsd:freebsd:4.4:release_p42
    cpe:2.3:o:freebsd:freebsd:4.4:release_p42
  • cpe:2.3:o:freebsd:freebsd:4.4:releng
    cpe:2.3:o:freebsd:freebsd:4.4:releng
  • cpe:2.3:o:freebsd:freebsd:4.5:release_p32
    cpe:2.3:o:freebsd:freebsd:4.5:release_p32
  • cpe:2.3:o:freebsd:freebsd:4.5:releng
    cpe:2.3:o:freebsd:freebsd:4.5:releng
  • cpe:2.3:o:freebsd:freebsd:4.6:release_p20
    cpe:2.3:o:freebsd:freebsd:4.6:release_p20
  • cpe:2.3:o:freebsd:freebsd:4.6:releng
    cpe:2.3:o:freebsd:freebsd:4.6:releng
  • cpe:2.3:o:freebsd:freebsd:4.7:release_p17
    cpe:2.3:o:freebsd:freebsd:4.7:release_p17
  • cpe:2.3:o:freebsd:freebsd:4.7:releng
    cpe:2.3:o:freebsd:freebsd:4.7:releng
  • cpe:2.3:o:freebsd:freebsd:4.8:release_p6
    cpe:2.3:o:freebsd:freebsd:4.8:release_p6
  • cpe:2.3:o:freebsd:freebsd:4.8:releng
    cpe:2.3:o:freebsd:freebsd:4.8:releng
  • cpe:2.3:o:freebsd:freebsd:4.9:pre-release
    cpe:2.3:o:freebsd:freebsd:4.9:pre-release
  • cpe:2.3:o:freebsd:freebsd:5.0:release_p14
    cpe:2.3:o:freebsd:freebsd:5.0:release_p14
  • cpe:2.3:o:freebsd:freebsd:5.0:releng
    cpe:2.3:o:freebsd:freebsd:5.0:releng
  • cpe:2.3:o:freebsd:freebsd:5.1:release_p5
    cpe:2.3:o:freebsd:freebsd:5.1:release_p5
  • cpe:2.3:o:freebsd:freebsd:5.1:releng
    cpe:2.3:o:freebsd:freebsd:5.1:releng
  • cpe:2.3:o:gentoo:linux:0.5
    cpe:2.3:o:gentoo:linux:0.5
  • cpe:2.3:o:gentoo:linux:0.7
    cpe:2.3:o:gentoo:linux:0.7
  • cpe:2.3:o:gentoo:linux:1.1a
    cpe:2.3:o:gentoo:linux:1.1a
  • Gentoo Linux 1.2
    cpe:2.3:o:gentoo:linux:1.2
  • Gentoo Linux 1.4 rc1
    cpe:2.3:o:gentoo:linux:1.4:rc1
  • Gentoo Linux 1.4 rc2
    cpe:2.3:o:gentoo:linux:1.4:rc2
  • Gentoo Linux 1.4 rc3
    cpe:2.3:o:gentoo:linux:1.4:rc3
  • HP-UX 11.00
    cpe:2.3:o:hp:hp-ux:11.00
  • HP HP-UX 11.0.4
    cpe:2.3:o:hp:hp-ux:11.0.4
  • HP-UX 11.11
    cpe:2.3:o:hp:hp-ux:11.11
  • HP-UX 11i v1.6
    cpe:2.3:o:hp:hp-ux:11.22
  • IBM AIX 4.3.3
    cpe:2.3:o:ibm:aix:4.3.3
  • IBM AIX 5.1
    cpe:2.3:o:ibm:aix:5.1
  • IBM AIX 5.2
    cpe:2.3:o:ibm:aix:5.2
  • NetBSD 1.4.3
    cpe:2.3:o:netbsd:netbsd:1.4.3
  • NetBSD 1.5
    cpe:2.3:o:netbsd:netbsd:1.5
  • cpe:2.3:o:netbsd:netbsd:1.5:-:sh3
    cpe:2.3:o:netbsd:netbsd:1.5:-:sh3
  • cpe:2.3:o:netbsd:netbsd:1.5:-:x86
    cpe:2.3:o:netbsd:netbsd:1.5:-:x86
  • NetBSD 1.5.1
    cpe:2.3:o:netbsd:netbsd:1.5.1
  • NetBSD 1.5.2
    cpe:2.3:o:netbsd:netbsd:1.5.2
  • NetBSD 1.5.3
    cpe:2.3:o:netbsd:netbsd:1.5.3
  • NetBSD 1.6
    cpe:2.3:o:netbsd:netbsd:1.6
  • NetBSD 1.6 Beta
    cpe:2.3:o:netbsd:netbsd:1.6:beta
  • NetBSD 1.6.1
    cpe:2.3:o:netbsd:netbsd:1.6.1
  • Sun Solaris 2.6
    cpe:2.3:o:sun:solaris:2.6
  • cpe:2.3:o:sun:solaris:7.0:-:x86
    cpe:2.3:o:sun:solaris:7.0:-:x86
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:9.0:-:x86
    cpe:2.3:o:sun:solaris:9.0:-:x86
  • Sun SunOS (formerly Solaris)
    cpe:2.3:o:sun:sunos
  • Sun Microsystems Solaris 7
    cpe:2.3:o:sun:sunos:5.7
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
  • cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0
    cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0
  • cpe:2.3:o:turbolinux:turbolinux_server:6.1
    cpe:2.3:o:turbolinux:turbolinux_server:6.1
  • cpe:2.3:o:turbolinux:turbolinux_server:6.5
    cpe:2.3:o:turbolinux:turbolinux_server:6.5
  • cpe:2.3:o:turbolinux:turbolinux_server:7.0
    cpe:2.3:o:turbolinux:turbolinux_server:7.0
  • cpe:2.3:o:turbolinux:turbolinux_server:8.0
    cpe:2.3:o:turbolinux:turbolinux_server:8.0
  • cpe:2.3:o:turbolinux:turbolinux_workstation:6.0
    cpe:2.3:o:turbolinux:turbolinux_workstation:6.0
  • cpe:2.3:o:turbolinux:turbolinux_workstation:7.0
    cpe:2.3:o:turbolinux:turbolinux_workstation:7.0
  • cpe:2.3:o:turbolinux:turbolinux_workstation:8.0
    cpe:2.3:o:turbolinux:turbolinux_workstation:8.0
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
metasploit via4
description This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution.
id MSF:AUXILIARY/DOS/SMTP/SENDMAIL_PRESCAN
last seen 2018-03-18
modified 2017-11-08
published 2009-09-12
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/smtp/sendmail_prescan.rb
title Sendmail SMTP Address prescan Memory Corruption
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35485.NASL
    description s700_800 11.23 sendmail(1M) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 26135
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26135
    title HP-UX PHNE_35485 : s700_800 11.23 sendmail(1M) 8.11.1 patch
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-384.NASL
    description Two vulnerabilities were reported in sendmail. - CAN-2003-0681 : A 'potential buffer overflow in ruleset parsing' for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. - CAN-2003-0694 : The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15221
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15221
    title Debian DSA-384-1 : sendmail - buffer overflows
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35483.NASL
    description s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26133
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26133
    title HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-092.NASL
    description A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CVE-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CVE-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14074
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14074
    title Mandrake Linux Security Advisory : sendmail (MDKSA-2003:092)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29912.NASL
    description s700_800 11.22 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681.
    last seen 2019-02-21
    modified 2015-01-14
    plugin id 16855
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16855
    title HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2003_040.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2003:040 (sendmail, sendmail-tls). sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SUSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SUSE products up to and including SUSE LINUX 8.0 and the SUSE LINUX Enterprise Server 7. The vulnerability discovered is known as the prescan()-bug and is not related to the vulnerability found and fixed in April 2003. The error in the code can cause heap or stack memory to be overwritten, triggered by (but not limited to) functions that parse header addresses. There is no known workaround for this vulnerability other than using a different MTA. The vulnerability is triggered by an email message sent through the sendmail MTA subsystem. In that respect, it is different from commonly known bugs that occur in the context of an open TCP connection. By consequence, the vulnerability also exists if email messages get forwarded over a relay that itself does not run a vulnerable MTA. This specific detail and the wide distribution of sendmail in the internet causes this vulnerability to be considered a flaw of major severity. We recommend to install the update packages that are provided for download at the locations listed below. We thank Michal Zalewski who discovered this vulnerability and the friendly people from Sendmail Inc (Claus Assmann) who have communicated the problem to SUSE Security. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 13808
    published 2004-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13808
    title SUSE-SA:2003:040: sendmail, sendmail-tls
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_30224.NASL
    description s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681.
    last seen 2019-02-21
    modified 2015-01-14
    plugin id 16704
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16704
    title HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
  • NASL family AIX Local Security Checks
    NASL id AIX_IY48658.NASL
    description The remote host is missing AIX Critical Security Patch number IY48658 (Sendmail prescan() vulnerability). You should install this patch for your system to be up-to-date.
    last seen 2019-02-21
    modified 2014-03-12
    plugin id 14619
    published 2004-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14619
    title AIX 5.1 : IY48658
  • NASL family SMTP problems
    NASL id SENDMAIL_PRESCAN_OVERFLOW.NASL
    description According to its version number, the remote Sendmail server is between 5.79 to 8.12.9. Such versions are reportedly vulnerable to remote buffer overflow attacks, one in the 'prescan()' function and another involving its ruleset processing. A remote user may be able to leverage these issues to gain root privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 11838
    published 2003-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11838
    title Sendmail < 8.12.10 prescan() Function Remote Overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2003-284.NASL
    description Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent (MTA) and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan() function of Sendmail versions prior to and including 8.12.9. The successful exploitation of this bug can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0694 to this issue. All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities. Red Hat would like to thank Michal Zalewski for finding and reporting this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12422
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12422
    title RHEL 2.1 : sendmail (RHSA-2003:284)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35484.NASL
    description s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26134
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26134
    title HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch
  • NASL family AIX Local Security Checks
    NASL id AIX_IY48657.NASL
    description The remote host is missing AIX Critical Security Patch number IY48657 (Sendmail prescan() vulnerability). You should install this patch for your system to be up-to-date.
    last seen 2019-02-21
    modified 2014-03-12
    plugin id 14606
    published 2004-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14606
    title AIX 5.2 : IY48657
oval via4
  • accepted 2005-02-23T09:25:00.000-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    description The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
    family unix
    id oval:org.mitre.oval:def:2975
    status accepted
    submitted 2004-12-29T12:00:00.000-04:00
    title Sendmail prescan function Buffer Overflow
    version 30
  • accepted 2010-09-20T04:00:30.551-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    description The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
    family unix
    id oval:org.mitre.oval:def:572
    status accepted
    submitted 2003-08-11T12:00:00.000-04:00
    title Sendmail BO in Prescan Function
    version 37
  • accepted 2010-09-20T04:00:32.475-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    description The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
    family unix
    id oval:org.mitre.oval:def:603
    status accepted
    submitted 2003-09-21T12:00:00.000-04:00
    title Sendmail BO in prescan Function
    version 37
redhat via4
advisories
  • rhsa
    id RHSA-2003:283
  • rhsa
    id RHSA-2003:284
refmap via4
bugtraq
  • 20030917 GLSA: sendmail (200309-13)
  • 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
  • 20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)
  • 20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
cert CA-2003-25
cert-vn VU#784980
conectiva CLA-2003:742
confirm http://www.sendmail.org/8.12.10.html
debian DSA-384
freebsd FreeBSD-SA-03:13
fulldisc 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
hp SSRT3631
immunix IMNX-2003-7+-021-01
mandrake MDKSA-2003:092
sco
  • CSSA-2003-036.0
  • SCOSA-2004.11
vulnwatch 20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug
Last major update 17-10-2016 - 22:36
Published 06-10-2003 - 00:00
Last modified 30-10-2018 - 12:26