CVE-2003-0681

high
Description

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient, (2) final, or (3) mailer-specific envelope recipients, has unknown consequences.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742

http://marc.info/?l=bugtraq&m=106383437615742&w=2

http://marc.info/?l=bugtraq&m=106398718909274&w=2

http://www.debian.org/security/2003/dsa-384

http://www.kb.cert.org/vuls/id/108964

http://www.mandriva.com/security/advisories?name=MDKSA-2003:092

http://www.redhat.com/support/errata/RHSA-2003-283.html

http://www.securityfocus.com/bid/8649

http://www.sendmail.org/8.12.10.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/13216

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595

Details

Source: MITRE

Published: 2003-10-06

Updated: 2018-05-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:6.5:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|----|------|---------|--------|----------|
| 26135 | HP-UX PHNE_35485 : s700_800 11.23 sendmail(1M) 8.11.1 patch | Nessus | HP-UX Local Security Checks | critical |
| 26134 | HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch | Nessus | HP-UX Local Security Checks | critical |
| 26133 | HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch | Nessus | HP-UX Local Security Checks | critical |
| 16855 | HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11) | Nessus | HP-UX Local Security Checks | critical |
| 16704 | HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11) | Nessus | HP-UX Local Security Checks | critical |
| 15221 | Debian DSA-384-1 : sendmail - buffer overflows | Nessus | Debian Local Security Checks | critical |
| 2043 | Sendmail < 8.12.10 prescan() Function Remote Overflow | Nessus Network Monitor | SMTP Servers | medium |
| 14074 | Mandrake Linux Security Advisory : sendmail (MDKSA-2003:092) | Nessus | Mandriva Local Security Checks | critical |
| 11838 | Sendmail < 8.12.10 prescan() Function Remote Overflow | Nessus | SMTP problems | critical |