CVE-2003-0161

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt

ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614

http://lists.apple.com/mhonarc/security-announce/msg00028.html

http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html

http://marc.info/?l=bugtraq&m=104896621106790&w=2

http://marc.info/?l=bugtraq&m=104897487512238&w=2

http://marc.info/?l=bugtraq&m=104914999806315&w=2

http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1

http://www.cert.org/advisories/CA-2003-12.html

http://www.debian.org/security/2003/dsa-278

http://www.debian.org/security/2003/dsa-290

http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml

http://www.kb.cert.org/vuls/id/897604

http://www.redhat.com/support/errata/RHSA-2003-120.html

http://www.redhat.com/support/errata/RHSA-2003-121.html

http://www.securityfocus.com/archive/1/316961/30/25250/threaded

http://www.securityfocus.com/archive/1/317135/30/25220/threaded

http://www.securityfocus.com/archive/1/321997

http://www.securityfocus.com/bid/7230

Details

Source: MITRE

Published: 2003-04-02

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*

cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*

cpe:2.3:o:hp:sis:*:*:*:*:*:*:*:*

cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*

cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*

cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*

cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*

cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*

cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*

cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*

cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*

cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*

cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*

cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*

cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*

cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*

cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*

cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*

cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
26134HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patchNessusHP-UX Local Security Checks
critical
26133HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patchNessusHP-UX Local Security Checks
critical
16898HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patchNessusHP-UX Local Security Checks
critical
16634HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patchNessusHP-UX Local Security Checks
critical
15127Debian DSA-290-1 : sendmail-wide - char-to-int conversionNessusDebian Local Security Checks
critical
15115Debian DSA-278-1 : sendmail - char-to-int conversionNessusDebian Local Security Checks
critical
2031Sendmail < 8.12.9 NOCHAR Value OverflowNessus Network MonitorSMTP Servers
high
14026Mandrake Linux Security Advisory : sendmail (MDKSA-2003:042-1)NessusMandriva Local Security Checks
critical
12385RHEL 2.1 : sendmail (RHSA-2003:121)NessusRed Hat Local Security Checks
critical
11499Sendmail < 8.12.9 NOCHAR Control Value prescan OverflowNessusSMTP problems
critical