CVE-2003-0161
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD
Description
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Affected (111)
Products: Sendmail: Sendmail, Sendmail Switch · Compaq: Tru64 · Hp: Hp Ux, Hp Ux Series 700, Hp Ux Series 800, Sis · +1 more
Show all products
Sendmail: Sendmail, Sendmail Switch · Compaq: Tru64 · Hp: Hp Ux, Hp Ux Series 700, Hp Ux Series 800, Sis · Sun: Solaris, Sunos
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.6.1 | |
| Version 2.1.1 |
References (50)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt (unsafe URL)
Source: cve@mitre.org
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc (unsafe URL)
Source: cve@mitre.org
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt (unsafe URL)
Source: cve@mitre.org
ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P (unsafe URL)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchThird Party AdvisoryUS Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.