CVE-2003-0057

Current Description

Multiple buffer overflows in Hypermail 2 before 2.1.6 allow remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.

Basic Data

Published: February 19, 2003
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
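    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Hypermail | Hypermail | 2.0b25 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Hypermail | Hypermail | 2.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Hypermail | Hypermail | 2.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Hypermail | Hypermail | 2.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Hypermail | Hypermail | 2.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Hypermail | Hypermail | 2.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Hypermail | Hypermail | 2.1_.0 | * | * | * | * | * | * | * | | | |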

Vulnerable Software List

Vendor | Product | Versions
Hypermail | Hypermail | 2.0b25, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1_.0

References

Name | Source | URL | Tags
20030126 Hypermail buffer overflows | VULNWATCH | http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0042.html |
20030127 Hypermail buffer overflows | BUGTRAQ | http://marc.info/?l=bugtraq&m=104369136703903&w=2 |
8030 | SECUNIA | http://secunia.com/advisories/8030 |
DSA-248 | DEBIAN | http://www.debian.org/security/2003/dsa-248 |
6689 | BID | http://www.securityfocus.com/bid/6689 |
6690 | BID | http://www.securityfocus.com/bid/6690 |
hypermail-mail-attachment-bo(11157) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/11157 |
hypermail-long-hostname-bo(11158) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/11158 |