Vulnerability CVE-2002-1337


Published: 2003-03-07   Modified: 2012-02-12

Description:
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Type: CWE-Other

Vendor: SUN
Product: Solaris 
Version:
9.0
8.0
7.0
2.6
Product: Sunos 
Version: 5.8; 5.7;
Vendor: Sendmail
Product: Sendmail 
Version:
8.9.3
8.9.2
8.9.1
8.9.0
8.8.8
8.12.7
8.12.6
8.12.5
8.12.4
8.12.3
8.12.2
8.12.1
8.12.0
8.12
8.11.6
8.11.5
8.11.4
8.11.3
8.11.2
8.11.1
8.11.0
8.10.2
8.10.1
8.10
5.65
5.61
5.59
3.0.2
3.0.1
3.0
2.6.1
2.6
Product: Sendmail switch 
Version:
3.0.2
3.0.1
3.0
2.2.4
2.2.3
2.2.2
2.2.1
2.2
2.1.4
2.1.3
2.1.2
2.1.1
2.1
Product: Advanced message server 
Version: 1.3; 1.2;
Vendor: Windriver
Product: Bsdos 
Version:
5.0
4.3.1
4.2
Product: Platform sa 
Version: 1.0;
Vendor: HP
Product: Hp-ux 
Version:
11.22
11.11
11.00
11.0.4
10.20
10.10
Product: Alphaserver sc 
Vendor: Netbsd
Product: Netbsd 
Version:
1.6
1.5.3
1.5.2
1.5.1
1.5
Vendor: Gentoo
Product: Linux 
Version: 1.4;
Vendor: SGI
Product: Freeware 
Version: 1.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 References:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
http://marc.info/?l=bugtraq&m=104673778105192&w=2
http://marc.info/?l=bugtraq&m=104678739608479&w=2
http://marc.info/?l=bugtraq&m=104678862109841&w=2
http://marc.info/?l=bugtraq&m=104678862409849&w=2
http://marc.info/?l=bugtraq&m=104679411316818&w=2
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
http://www.cert.org/advisories/CA-2003-07.html
http://www.debian.org/security/2003/dsa-257
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.iss.net/security_center/static/10748.php
http://www.kb.cert.org/vuls/id/398025
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://www.redhat.com/support/errata/RHSA-2003-074.html
http://www.redhat.com/support/errata/RHSA-2003-227.html
http://www.securityfocus.com/bid/6991
http://www.sendmail.org/8.12.8.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222

Related CVE
CVE-2012-2150
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
CVE-2012-5530
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
CVE-2012-3420
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src...
CVE-2012-3421
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related...
CVE-2012-3418
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds f...
CVE-2012-3419
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
CVE-2010-1039
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers...
CVE-2007-4938
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nE...

Copyright 2019, cxsecurity.com
