CVE-2003-0688

Published: Oct 20, 2003Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

Affected (26)

Products: Redhat: Sendmail · Sendmail: Sendmail · Sgi: Irix · +3 more

Show all products

Redhat: Sendmail · Sendmail: Sendmail · Sgi: Irix · Compaq: Tru64 · Freebsd: Freebsd · Openbsd: Openbsd

1 product

1 product

1 product

1 product

1 product

1 product

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Redhat Sendmail	Version 8.12.5-7
Redhat Sendmail	Version 8.12.5-7
Redhat Sendmail	Version 8.12.5-7
Redhat Sendmail	Version 8.12.5-7
Redhat Sendmail	Version 8.12.8-4
Redhat Sendmail	Version 8.12.8-4
Redhat Sendmail	Version 8.12.8-4
Redhat Sendmail	Version 8.12.8-4
Sendmail Sendmail	Version 8.12.1
Sendmail Sendmail	Version 8.12.2
Sendmail Sendmail	Version 8.12.3
Sendmail Sendmail	Version 8.12.4
Sendmail Sendmail	Version 8.12.5
Sendmail Sendmail	Version 8.12.6
Sendmail Sendmail	Version 8.12.7
Sendmail Sendmail	Version 8.12.8
Sgi Irix	Version 6.5.19
Sgi Irix	Version 6.5.20
Sgi Irix	Version 6.5.21

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Compaq Tru64	Version 5.0a
Compaq Tru64	Version 5.1
Freebsd Freebsd	Version 4.6
Freebsd Freebsd	Version 4.7
Freebsd Freebsd	Version 4.8
Freebsd Freebsd	Version 5.0
Openbsd Openbsd	Version 3.2