Vulnerability CVE-2002-1337
Published: 2003-03-07   Modified: 2012-02-12

Description:
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Windriver -> Bsdos 
Windriver -> Platform sa 
SUN -> Solaris 
SUN -> Sunos 
SGI -> Freeware 
Sendmail -> Advanced message server 
Sendmail -> Sendmail 
Sendmail -> Sendmail switch 
Netbsd -> Netbsd 
HP -> Alphaserver sc 
HP -> Hp-ux 
Gentoo -> Linux 

 References:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
http://marc.info/?l=bugtraq&m=104673778105192&w=2
http://marc.info/?l=bugtraq&m=104678739608479&w=2
http://marc.info/?l=bugtraq&m=104678862109841&w=2
http://marc.info/?l=bugtraq&m=104678862409849&w=2
http://marc.info/?l=bugtraq&m=104679411316818&w=2
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
http://www.cert.org/advisories/CA-2003-07.html
http://www.debian.org/security/2003/dsa-257
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.iss.net/security_center/static/10748.php
http://www.kb.cert.org/vuls/id/398025
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://www.redhat.com/support/errata/RHSA-2003-074.html
http://www.redhat.com/support/errata/RHSA-2003-227.html
http://www.securityfocus.com/bid/6991
http://www.sendmail.org/8.12.8.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
Copyright 2024, cxsecurity.com

 

Back to Top