CVE-2003-0694

Severity

99%

Complexity

99%

Confidentiality

165%

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 21 years ago

2003-10-06 04:00:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sendmail Sendmail Advanced Message Server 1.2

1.2

Sendmail Sendmail Advanced Message Server 1.3

1.3

Sendmail Sendmail 2.6

2.6

Sendmail Sendmail 2.6.1

2.6.1

Sendmail Sendmail 2.6.2

2.6.2

Sendmail Sendmail 3.0

3.0

Sendmail Sendmail 3.0.1

3.0.1

Sendmail Sendmail 3.0.2

3.0.2

Sendmail Sendmail 3.0.3

3.0.3

Sendmail Sendmail 8.8.8

8.8.8

Sendmail Sendmail 8.9.0

8.9.0

Sendmail Sendmail 8.9.1

8.9.1

Sendmail Sendmail 8.9.2

8.9.2

Sendmail Sendmail 8.9.3

8.9.3

Sendmail Sendmail 8.10

8.10

Sendmail Sendmail 8.10.1

8.10.1

Sendmail Sendmail 8.10.2

8.10.2

Sendmail Sendmail 8.11

8.11.0

Sendmail Sendmail 8.11.1

8.11.1

Sendmail Sendmail 8.11.2

8.11.2

Sendmail Sendmail 8.11.3

8.11.3

Sendmail Sendmail 8.11.4

8.11.4

Sendmail Sendmail 8.11.5

8.11.5

Sendmail Sendmail 8.11.6

8.11.6

Sendmail Sendmail 8.12 Beta10

8.12

Sendmail Sendmail 8.12 Beta12

8.12

Sendmail Sendmail 8.12 Beta16

8.12

Sendmail Sendmail 8.12 Beta5

8.12

Sendmail Sendmail 8.12 beta7

8.12

Sendmail Sendmail 8.12.0

8.12.0

Sendmail Sendmail 8.12.1

8.12.1

Sendmail Sendmail 8.12.2

8.12.2

Sendmail Sendmail 8.12.3

8.12.3

Sendmail Sendmail 8.12.4

8.12.4

Sendmail Sendmail 8.12.5

8.12.5

Sendmail Sendmail 8.12.6

8.12.6

Sendmail Sendmail 8.12.7

8.12.7

Sendmail Sendmail 8.12.8

8.12.8

Sendmail Sendmail 8.12.9

8.12.9

Sendmail Sendmail Pro 8.9.2

8.9.2

Sendmail Sendmail Pro 8.9.3

8.9.3

SGI IRIX 6.5.15

6.5.15

SGI IRIX 6.5.16

6.5.16

SGI IRIX 6.5.17f

6.5.17f

SGI IRIX 6.5.17m

6.5.17m

SGI IRIX 6.5.18f

6.5.18f

SGI IRIX 6.5.18m

6.5.18m

SGI IRIX 6.5.19f

6.5.19f

SGI IRIX 6.5.19m

6.5.19m

SGI IRIX 6.5.20f

6.5.20f

SGI IRIX 6.5.20m

6.5.20m

SGI IRIX 6.5.21f

6.5.21f

SGI IRIX 6.5.21m

6.5.21m

Apple Mac OS X 10.2

10.2

Apple Mac OS X 10.2.1

10.2.1

Apple Mac OS X 10.2.2

10.2.2

Apple Mac OS X 10.2.3

10.2.3

Apple Mac OS X 10.2.4

10.2.4

Apple Mac OS X 10.2.5

10.2.5

Apple Mac OS X 10.2.6

10.2.6

Apple Mac OS X Server 10.2

10.2

Apple Mac OS X Server 10.2.1

10.2.1

Apple Mac OS X Server 10.2.2

10.2.2

Apple Mac OS X Server 10.2.3

10.2.3

Apple Mac OS X Server 10.2.4

10.2.4

Apple Mac OS X Server 10.2.5

10.2.5

Apple Mac OS X Server 10.2.6

10.2.6

Compaq Tru64 4.0f

4.0f

Compaq Tru64 4.0f PK6_BL17

4.0f_pk6_bl17

Compaq Tru64 4.0f PK7_BL18

4.0f_pk7_bl18

Compaq Tru64 4.0f PK8_BL22

4.0f_pk8_bl22

Compaq Tru64 4.0g

4.0g

Compaq Tru64 4.0g PK3_BL17

4.0g_pk3_bl17

Compaq Tru64 4.0g PK4_BL22

4.0g_pk4_bl22

Compaq Tru64 5.1

5.1

Compaq Tru64 5.1 PK3_BL17

5.1_pk3_bl17

Compaq Tru64 5.1 PK4_BL18

5.1_pk4_bl18

Compaq Tru64 5.1 PK5_BL19

5.1_pk5_bl19

Compaq Tru64 5.1 PK6_BL20

5.1_pk6_bl20

Compaq Tru64 5.1a

5.1a

Compaq Tru64 5.1a PK1_BL1

5.1a_pk1_bl1

Compaq Tru64 5.1a PK2_BL2

5.1a_pk2_bl2

Compaq Tru64 5.1a PK3_BL3

5.1a_pk3_bl3

Compaq Tru64 5.1a PK4_BL21

5.1a_pk4_bl21

Compaq Tru64 5.1a PK5_BL23

5.1a_pk5_bl23

Compaq Tru64 5.1b

5.1b

Compaq Tru64 5.1b PK1_BL1

5.1b_pk1_bl1

Compaq Tru64 5.1b PK2_BL22

5.1b_pk2_bl22

Gentoo Linux 1.2

1.2

Gentoo Linux 1.4 rc1

1.4

Gentoo Linux 1.4 rc2

1.4

Gentoo Linux 1.4 rc3

1.4

HP-UX 11.00

11.00

HP HP-UX 11.0.4

11.0.4

HP-UX 11.11

11.11

HP-UX 11i v1.6

11.22

IBM AIX 4.3.3

4.3.3

IBM AIX 5.1

5.1

IBM AIX 5.2

5.2

NetBSD 1.4.3

1.4.3

NetBSD 1.5

1.5

NetBSD 1.5.1

1.5.1

NetBSD 1.5.2

1.5.2

NetBSD 1.5.3

1.5.3

NetBSD 1.6

1.6

NetBSD 1.6 Beta

1.6

NetBSD 1.6.1

1.6.1

Sun Solaris 2.6

2.6

Sun SunOS (formerly Solaris)

Sun Microsystems Solaris 7

5.7

Sun SunOS (Solaris 8) 5.8

5.8

References

SCOSA-2004.11

20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]

20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug

CLA-2003:742

20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]

20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)

20030917 GLSA: sendmail (200309-13)

20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)

CA-2003-25

Patch, Third Party Advisory, US Government Resource

DSA-384

VU#784980

US Government Resource

MDKSA-2003:092

RHSA-2003:283

RHSA-2003:284

http://www.sendmail.org/8.12.10.html

Patch

oval:org.mitre.oval:def:2975

oval:org.mitre.oval:def:572

oval:org.mitre.oval:def:603

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.