Search criteria
8 vulnerabilities found for sendmail_switch by sendmail
CVE-2002-1337 (GCVE-0-2002-1337)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2003-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-073.html"
},
{
"name": "20030301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P"
},
{
"name": "IY40501",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40501\u0026apar=only"
},
{
"name": "20030303 Fwd: APPLE-SA-2003-03-03 sendmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"name": "RHSA-2003:227",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-227.html"
},
{
"name": "6991",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6991"
},
{
"name": "VU#398025",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/398025"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sendmail.org/8.12.8.html"
},
{
"name": "DSA-257",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-257"
},
{
"name": "20030304 [LSD] Technical analysis of the remote sendmail vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2222",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222"
},
{
"name": "RHSA-2003:074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-074.html"
},
{
"name": "CA-2003-07",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-07.html"
},
{
"name": "20030303 sendmail 8.12.8 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"name": "MDKSA-2003:028",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028"
},
{
"name": "IY40500",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40500\u0026apar=only"
},
{
"name": "sendmail-header-processing-bo(10748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10748.php"
},
{
"name": "CSSA-2003-SCO.6",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6"
},
{
"name": "CSSA-2003-SCO.5",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5"
},
{
"name": "CLA-2003:571",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000571"
},
{
"name": "NetBSD-SA2003-002",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc"
},
{
"name": "HPSBUX0302-246",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"name": "20030303 Remote Sendmail Header Processing Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950"
},
{
"name": "IY40502",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40502\u0026apar=only"
},
{
"name": "20030304 GLSA: sendmail (200303-4)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862409849\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-073.html"
},
{
"name": "20030301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P"
},
{
"name": "IY40501",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40501\u0026apar=only"
},
{
"name": "20030303 Fwd: APPLE-SA-2003-03-03 sendmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"name": "RHSA-2003:227",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-227.html"
},
{
"name": "6991",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6991"
},
{
"name": "VU#398025",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/398025"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sendmail.org/8.12.8.html"
},
{
"name": "DSA-257",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-257"
},
{
"name": "20030304 [LSD] Technical analysis of the remote sendmail vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2222",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222"
},
{
"name": "RHSA-2003:074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-074.html"
},
{
"name": "CA-2003-07",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-07.html"
},
{
"name": "20030303 sendmail 8.12.8 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"name": "MDKSA-2003:028",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028"
},
{
"name": "IY40500",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40500\u0026apar=only"
},
{
"name": "sendmail-header-processing-bo(10748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10748.php"
},
{
"name": "CSSA-2003-SCO.6",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6"
},
{
"name": "CSSA-2003-SCO.5",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5"
},
{
"name": "CLA-2003:571",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000571"
},
{
"name": "NetBSD-SA2003-002",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc"
},
{
"name": "HPSBUX0302-246",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"name": "20030303 Remote Sendmail Header Processing Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950"
},
{
"name": "IY40502",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40502\u0026apar=only"
},
{
"name": "20030304 GLSA: sendmail (200303-4)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862409849\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-073.html"
},
{
"name": "20030301-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P"
},
{
"name": "IY40501",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40501\u0026apar=only"
},
{
"name": "20030303 Fwd: APPLE-SA-2003-03-03 sendmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"name": "RHSA-2003:227",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-227.html"
},
{
"name": "6991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6991"
},
{
"name": "VU#398025",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/398025"
},
{
"name": "http://www.sendmail.org/8.12.8.html",
"refsource": "CONFIRM",
"url": "http://www.sendmail.org/8.12.8.html"
},
{
"name": "DSA-257",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-257"
},
{
"name": "20030304 [LSD] Technical analysis of the remote sendmail vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2222",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222"
},
{
"name": "RHSA-2003:074",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-074.html"
},
{
"name": "CA-2003-07",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-07.html"
},
{
"name": "20030303 sendmail 8.12.8 available",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"name": "MDKSA-2003:028",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028"
},
{
"name": "IY40500",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40500\u0026apar=only"
},
{
"name": "sendmail-header-processing-bo(10748)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10748.php"
},
{
"name": "CSSA-2003-SCO.6",
"refsource": "CALDERA",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6"
},
{
"name": "CSSA-2003-SCO.5",
"refsource": "CALDERA",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5"
},
{
"name": "CLA-2003:571",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000571"
},
{
"name": "NetBSD-SA2003-002",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc"
},
{
"name": "HPSBUX0302-246",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"name": "20030303 Remote Sendmail Header Processing Vulnerability",
"refsource": "ISS",
"url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950"
},
{
"name": "IY40502",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40502\u0026apar=only"
},
{
"name": "20030304 GLSA: sendmail (200303-4)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104678862409849\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1337",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0681 (GCVE-0-2003-0681)
Vulnerability from cvelistv5 – Published: 2003-09-18 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=106398718909274&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.sendmail.org/8.12.10.html | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2003-283.html | vendor-advisoryx_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.kb.cert.org/vuls/id/108964 | third-party-advisoryx_refsource_CERT-VN |
| http://www.debian.org/security/2003/dsa-384 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=106383437615742&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/8649 | vdb-entryx_refsource_BID |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
Date Public
2003-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:11.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "oval:org.mitre.oval:def:595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:3606",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606"
},
{
"name": "VU#108964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/108964"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "sendmail-ruleset-parsing-bo(13216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "8649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8649"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "oval:org.mitre.oval:def:595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:3606",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606"
},
{
"name": "VU#108964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/108964"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "sendmail-ruleset-parsing-bo(13216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "8649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8649"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"name": "http://www.sendmail.org/8.12.10.html",
"refsource": "CONFIRM",
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "oval:org.mitre.oval:def:595",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595"
},
{
"name": "MDKSA-2003:092",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:3606",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606"
},
{
"name": "VU#108964",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/108964"
},
{
"name": "DSA-384",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "sendmail-ruleset-parsing-bo(13216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "8649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8649"
},
{
"name": "CLA-2003:742",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0681",
"datePublished": "2003-09-18T04:00:00.000Z",
"dateReserved": "2003-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:11.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0694 (GCVE-0-2003-0694)
Vulnerability from cvelistv5 – Published: 2003-09-18 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public
2003-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:11.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html"
},
{
"name": "CA-2003-25",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-25.html"
},
{
"name": "VU#784980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:603",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603"
},
{
"name": "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "RHSA-2003:284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-284.html"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html"
},
{
"name": "oval:org.mitre.oval:def:572",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html"
},
{
"name": "CA-2003-25",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-25.html"
},
{
"name": "VU#784980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:603",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603"
},
{
"name": "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "RHSA-2003:284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-284.html"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html"
},
{
"name": "oval:org.mitre.oval:def:572",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"name": "http://www.sendmail.org/8.12.10.html",
"refsource": "CONFIRM",
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html"
},
{
"name": "CA-2003-25",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-25.html"
},
{
"name": "VU#784980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"name": "MDKSA-2003:092",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:603",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603"
},
{
"name": "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"name": "DSA-384",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "SCOSA-2004.11",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "RHSA-2003:284",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-284.html"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html"
},
{
"name": "oval:org.mitre.oval:def:572",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2975",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975"
},
{
"name": "CLA-2003:742",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0694",
"datePublished": "2003-09-18T04:00:00.000Z",
"dateReserved": "2003-08-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:11.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0161 (GCVE-0-2003-0161)
Vulnerability from cvelistv5 – Published: 2003-04-01 05:00 – Updated: 2024-08-08 01:43
VLAI
Summary
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
24 references
Date Public
2003-03-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1001088",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
},
{
"name": "52620",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"name": "20030401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P"
},
{
"name": "7230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7230"
},
{
"name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"name": "RHSA-2003:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-120.html"
},
{
"name": "20030401 Immunix Secured OS 7+ openssl update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "DSA-278",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-278"
},
{
"name": "DSA-290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-290"
},
{
"name": "IMNX-2003-7+-002-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name": "52700",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"name": "CA-2003-12",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-12.html"
},
{
"name": "CSSA-2003-016.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt"
},
{
"name": "20030331 GLSA: sendmail (200303-27)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
},
{
"name": "RHSA-2003:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-121.html"
},
{
"name": "CLA-2003:614",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000614"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "GLSA-200303-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"name": "FreeBSD-SA-03:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
},
{
"name": "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"name": "20030329 sendmail 8.12.9 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"name": "VU#897604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/897604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1001088",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
},
{
"name": "52620",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"name": "20030401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P"
},
{
"name": "7230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7230"
},
{
"name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"name": "RHSA-2003:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-120.html"
},
{
"name": "20030401 Immunix Secured OS 7+ openssl update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "DSA-278",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-278"
},
{
"name": "DSA-290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-290"
},
{
"name": "IMNX-2003-7+-002-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name": "52700",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"name": "CA-2003-12",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-12.html"
},
{
"name": "CSSA-2003-016.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt"
},
{
"name": "20030331 GLSA: sendmail (200303-27)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
},
{
"name": "RHSA-2003:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-121.html"
},
{
"name": "CLA-2003:614",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000614"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "GLSA-200303-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"name": "FreeBSD-SA-03:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
},
{
"name": "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"name": "20030329 sendmail 8.12.9 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"name": "VU#897604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/897604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1001088",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
},
{
"name": "52620",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"name": "20030401-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P"
},
{
"name": "7230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7230"
},
{
"name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"name": "RHSA-2003:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-120.html"
},
{
"name": "20030401 Immunix Secured OS 7+ openssl update",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "DSA-278",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-278"
},
{
"name": "DSA-290",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-290"
},
{
"name": "IMNX-2003-7+-002-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name": "52700",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"name": "CA-2003-12",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-12.html"
},
{
"name": "CSSA-2003-016.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt"
},
{
"name": "20030331 GLSA: sendmail (200303-27)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
},
{
"name": "RHSA-2003:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-121.html"
},
{
"name": "CLA-2003:614",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000614"
},
{
"name": "SCOSA-2004.11",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "GLSA-200303-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"name": "FreeBSD-SA-03:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
},
{
"name": "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"name": "20030329 sendmail 8.12.9 available",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"name": "VU#897604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/897604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0161",
"datePublished": "2003-04-01T05:00:00.000Z",
"dateReserved": "2003-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:43:36.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0681 (GCVE-0-2003-0681)
Vulnerability from nvd – Published: 2003-09-18 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=106398718909274&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.sendmail.org/8.12.10.html | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2003-283.html | vendor-advisoryx_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.kb.cert.org/vuls/id/108964 | third-party-advisoryx_refsource_CERT-VN |
| http://www.debian.org/security/2003/dsa-384 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=106383437615742&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/8649 | vdb-entryx_refsource_BID |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
Date Public
2003-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:11.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "oval:org.mitre.oval:def:595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:3606",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606"
},
{
"name": "VU#108964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/108964"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "sendmail-ruleset-parsing-bo(13216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "8649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8649"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "oval:org.mitre.oval:def:595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:3606",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606"
},
{
"name": "VU#108964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/108964"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "sendmail-ruleset-parsing-bo(13216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "8649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8649"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"name": "http://www.sendmail.org/8.12.10.html",
"refsource": "CONFIRM",
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "oval:org.mitre.oval:def:595",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595"
},
{
"name": "MDKSA-2003:092",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:3606",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606"
},
{
"name": "VU#108964",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/108964"
},
{
"name": "DSA-384",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "sendmail-ruleset-parsing-bo(13216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "8649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8649"
},
{
"name": "CLA-2003:742",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0681",
"datePublished": "2003-09-18T04:00:00.000Z",
"dateReserved": "2003-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:11.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0694 (GCVE-0-2003-0694)
Vulnerability from nvd – Published: 2003-09-18 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public
2003-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:11.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html"
},
{
"name": "CA-2003-25",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-25.html"
},
{
"name": "VU#784980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:603",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603"
},
{
"name": "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "RHSA-2003:284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-284.html"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html"
},
{
"name": "oval:org.mitre.oval:def:572",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html"
},
{
"name": "CA-2003-25",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-25.html"
},
{
"name": "VU#784980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"name": "MDKSA-2003:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:603",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603"
},
{
"name": "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"name": "DSA-384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "RHSA-2003:284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-284.html"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html"
},
{
"name": "oval:org.mitre.oval:def:572",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975"
},
{
"name": "CLA-2003:742",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"name": "http://www.sendmail.org/8.12.10.html",
"refsource": "CONFIRM",
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"name": "RHSA-2003:283",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-283.html"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html"
},
{
"name": "CA-2003-25",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-25.html"
},
{
"name": "VU#784980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"name": "MDKSA-2003:092",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092"
},
{
"name": "oval:org.mitre.oval:def:603",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603"
},
{
"name": "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"name": "DSA-384",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"name": "SCOSA-2004.11",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "RHSA-2003:284",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-284.html"
},
{
"name": "20030917 GLSA: sendmail (200309-13)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"name": "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html"
},
{
"name": "oval:org.mitre.oval:def:572",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572"
},
{
"name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2975",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975"
},
{
"name": "CLA-2003:742",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0694",
"datePublished": "2003-09-18T04:00:00.000Z",
"dateReserved": "2003-08-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:11.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0161 (GCVE-0-2003-0161)
Vulnerability from nvd – Published: 2003-04-01 05:00 – Updated: 2024-08-08 01:43
VLAI
Summary
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
24 references
Date Public
2003-03-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1001088",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
},
{
"name": "52620",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"name": "20030401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P"
},
{
"name": "7230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7230"
},
{
"name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"name": "RHSA-2003:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-120.html"
},
{
"name": "20030401 Immunix Secured OS 7+ openssl update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "DSA-278",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-278"
},
{
"name": "DSA-290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-290"
},
{
"name": "IMNX-2003-7+-002-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name": "52700",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"name": "CA-2003-12",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-12.html"
},
{
"name": "CSSA-2003-016.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt"
},
{
"name": "20030331 GLSA: sendmail (200303-27)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
},
{
"name": "RHSA-2003:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-121.html"
},
{
"name": "CLA-2003:614",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000614"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "GLSA-200303-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"name": "FreeBSD-SA-03:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
},
{
"name": "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"name": "20030329 sendmail 8.12.9 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"name": "VU#897604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/897604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1001088",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
},
{
"name": "52620",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"name": "20030401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P"
},
{
"name": "7230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7230"
},
{
"name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"name": "RHSA-2003:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-120.html"
},
{
"name": "20030401 Immunix Secured OS 7+ openssl update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "DSA-278",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-278"
},
{
"name": "DSA-290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-290"
},
{
"name": "IMNX-2003-7+-002-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name": "52700",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"name": "CA-2003-12",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-12.html"
},
{
"name": "CSSA-2003-016.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt"
},
{
"name": "20030331 GLSA: sendmail (200303-27)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
},
{
"name": "RHSA-2003:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-121.html"
},
{
"name": "CLA-2003:614",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000614"
},
{
"name": "SCOSA-2004.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "GLSA-200303-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"name": "FreeBSD-SA-03:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
},
{
"name": "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"name": "20030329 sendmail 8.12.9 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"name": "VU#897604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/897604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1001088",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
},
{
"name": "52620",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"name": "20030401-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P"
},
{
"name": "7230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7230"
},
{
"name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"name": "RHSA-2003:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-120.html"
},
{
"name": "20030401 Immunix Secured OS 7+ openssl update",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "DSA-278",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-278"
},
{
"name": "DSA-290",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-290"
},
{
"name": "IMNX-2003-7+-002-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name": "52700",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"name": "CA-2003-12",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-12.html"
},
{
"name": "CSSA-2003-016.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt"
},
{
"name": "20030331 GLSA: sendmail (200303-27)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
},
{
"name": "RHSA-2003:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-121.html"
},
{
"name": "CLA-2003:614",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000614"
},
{
"name": "SCOSA-2004.11",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
},
{
"name": "GLSA-200303-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html"
},
{
"name": "20030329 Sendmail: -1 gone wild",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"name": "FreeBSD-SA-03:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
},
{
"name": "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"name": "20030329 sendmail 8.12.9 available",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"name": "VU#897604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/897604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0161",
"datePublished": "2003-04-01T05:00:00.000Z",
"dateReserved": "2003-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:43:36.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1337 (GCVE-0-2002-1337)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2003-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-073.html"
},
{
"name": "20030301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P"
},
{
"name": "IY40501",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40501\u0026apar=only"
},
{
"name": "20030303 Fwd: APPLE-SA-2003-03-03 sendmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"name": "RHSA-2003:227",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-227.html"
},
{
"name": "6991",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6991"
},
{
"name": "VU#398025",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/398025"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sendmail.org/8.12.8.html"
},
{
"name": "DSA-257",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-257"
},
{
"name": "20030304 [LSD] Technical analysis of the remote sendmail vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2222",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222"
},
{
"name": "RHSA-2003:074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-074.html"
},
{
"name": "CA-2003-07",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-07.html"
},
{
"name": "20030303 sendmail 8.12.8 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"name": "MDKSA-2003:028",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028"
},
{
"name": "IY40500",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40500\u0026apar=only"
},
{
"name": "sendmail-header-processing-bo(10748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10748.php"
},
{
"name": "CSSA-2003-SCO.6",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6"
},
{
"name": "CSSA-2003-SCO.5",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5"
},
{
"name": "CLA-2003:571",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000571"
},
{
"name": "NetBSD-SA2003-002",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc"
},
{
"name": "HPSBUX0302-246",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"name": "20030303 Remote Sendmail Header Processing Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950"
},
{
"name": "IY40502",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40502\u0026apar=only"
},
{
"name": "20030304 GLSA: sendmail (200303-4)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862409849\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-073.html"
},
{
"name": "20030301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P"
},
{
"name": "IY40501",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40501\u0026apar=only"
},
{
"name": "20030303 Fwd: APPLE-SA-2003-03-03 sendmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"name": "RHSA-2003:227",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-227.html"
},
{
"name": "6991",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6991"
},
{
"name": "VU#398025",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/398025"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sendmail.org/8.12.8.html"
},
{
"name": "DSA-257",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-257"
},
{
"name": "20030304 [LSD] Technical analysis of the remote sendmail vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2222",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222"
},
{
"name": "RHSA-2003:074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-074.html"
},
{
"name": "CA-2003-07",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-07.html"
},
{
"name": "20030303 sendmail 8.12.8 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"name": "MDKSA-2003:028",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028"
},
{
"name": "IY40500",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40500\u0026apar=only"
},
{
"name": "sendmail-header-processing-bo(10748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10748.php"
},
{
"name": "CSSA-2003-SCO.6",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6"
},
{
"name": "CSSA-2003-SCO.5",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5"
},
{
"name": "CLA-2003:571",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000571"
},
{
"name": "NetBSD-SA2003-002",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc"
},
{
"name": "HPSBUX0302-246",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"name": "20030303 Remote Sendmail Header Processing Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950"
},
{
"name": "IY40502",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40502\u0026apar=only"
},
{
"name": "20030304 GLSA: sendmail (200303-4)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104678862409849\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-073.html"
},
{
"name": "20030301-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P"
},
{
"name": "IY40501",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40501\u0026apar=only"
},
{
"name": "20030303 Fwd: APPLE-SA-2003-03-03 sendmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"name": "RHSA-2003:227",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-227.html"
},
{
"name": "6991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6991"
},
{
"name": "VU#398025",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/398025"
},
{
"name": "http://www.sendmail.org/8.12.8.html",
"refsource": "CONFIRM",
"url": "http://www.sendmail.org/8.12.8.html"
},
{
"name": "DSA-257",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-257"
},
{
"name": "20030304 [LSD] Technical analysis of the remote sendmail vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:2222",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222"
},
{
"name": "RHSA-2003:074",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-074.html"
},
{
"name": "CA-2003-07",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-07.html"
},
{
"name": "20030303 sendmail 8.12.8 available",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"name": "MDKSA-2003:028",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028"
},
{
"name": "IY40500",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40500\u0026apar=only"
},
{
"name": "sendmail-header-processing-bo(10748)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10748.php"
},
{
"name": "CSSA-2003-SCO.6",
"refsource": "CALDERA",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6"
},
{
"name": "CSSA-2003-SCO.5",
"refsource": "CALDERA",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5"
},
{
"name": "CLA-2003:571",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000571"
},
{
"name": "NetBSD-SA2003-002",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc"
},
{
"name": "HPSBUX0302-246",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"name": "20030303 Remote Sendmail Header Processing Vulnerability",
"refsource": "ISS",
"url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950"
},
{
"name": "IY40502",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY40502\u0026apar=only"
},
{
"name": "20030304 GLSA: sendmail (200303-4)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104678862409849\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1337",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}