CVE-2003-0161

Current Description

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Basic Data

PublishedApril 02, 2003
Last ModifiedOctober 30, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSendmailSendmail2.6*******
    2.3ApplicationSendmailSendmail2.6.1*******
    2.3ApplicationSendmailSendmail2.6.2*******
    2.3ApplicationSendmailSendmail3.0*******
    2.3ApplicationSendmailSendmail3.0.1*******
    2.3ApplicationSendmailSendmail3.0.2*******
    2.3ApplicationSendmailSendmail3.0.3*******
    2.3ApplicationSendmailSendmail8.9.0*******
    2.3ApplicationSendmailSendmail8.9.1*******
    2.3ApplicationSendmailSendmail8.9.2*******
    2.3ApplicationSendmailSendmail8.9.3*******
    2.3ApplicationSendmailSendmail8.10*******
    2.3ApplicationSendmailSendmail8.10.1*******
    2.3ApplicationSendmailSendmail8.10.2*******
    2.3ApplicationSendmailSendmail8.11.0*******
    2.3ApplicationSendmailSendmail8.11.1*******
    2.3ApplicationSendmailSendmail8.11.2*******
    2.3ApplicationSendmailSendmail8.11.3*******
    2.3ApplicationSendmailSendmail8.11.4*******
    2.3ApplicationSendmailSendmail8.11.5*******
    2.3ApplicationSendmailSendmail8.11.6*******
    2.3ApplicationSendmailSendmail8.12beta10******
    2.3ApplicationSendmailSendmail8.12beta12******
    2.3ApplicationSendmailSendmail8.12beta16******
    2.3ApplicationSendmailSendmail8.12beta5******
    2.3ApplicationSendmailSendmail8.12beta7******
    2.3ApplicationSendmailSendmail8.12.0*******
    2.3ApplicationSendmailSendmail8.12.1*******
    2.3ApplicationSendmailSendmail8.12.2*******
    2.3ApplicationSendmailSendmail8.12.3*******
    2.3ApplicationSendmailSendmail8.12.4*******
    2.3ApplicationSendmailSendmail8.12.5*******
    2.3ApplicationSendmailSendmail8.12.6*******
    2.3ApplicationSendmailSendmail8.12.7*******
    2.3ApplicationSendmailSendmail8.12.8*******
    2.3ApplicationSendmailSendmail Switch2.1*******
    2.3ApplicationSendmailSendmail Switch2.1.1*******
    2.3ApplicationSendmailSendmail Switch2.1.2*******
    2.3ApplicationSendmailSendmail Switch2.1.3*******
    2.3ApplicationSendmailSendmail Switch2.1.4*******
    2.3ApplicationSendmailSendmail Switch2.1.5*******
    2.3ApplicationSendmailSendmail Switch2.2*******
    2.3ApplicationSendmailSendmail Switch2.2.1*******
    2.3ApplicationSendmailSendmail Switch2.2.2*******
    2.3ApplicationSendmailSendmail Switch2.2.3*******
    2.3ApplicationSendmailSendmail Switch2.2.4*******
    2.3ApplicationSendmailSendmail Switch2.2.5*******
    2.3ApplicationSendmailSendmail Switch3.0*******
    2.3ApplicationSendmailSendmail Switch3.0.1*******
    2.3ApplicationSendmailSendmail Switch3.0.2*******
    2.3ApplicationSendmailSendmail Switch3.0.3*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCompaqTru644.0b*******
    2.3OSCompaqTru644.0d*******
    2.3OSCompaqTru644.0d_pk9_bl17*******
    2.3OSCompaqTru644.0f*******
    2.3OSCompaqTru644.0f_pk6_bl17*******
    2.3OSCompaqTru644.0f_pk7_bl18*******
    2.3OSCompaqTru644.0g*******
    2.3OSCompaqTru644.0g_pk3_bl17*******
    2.3OSCompaqTru645.0*******
    2.3OSCompaqTru645.0_pk4_bl17*******
    2.3OSCompaqTru645.0_pk4_bl18*******
    2.3OSCompaqTru645.0a*******
    2.3OSCompaqTru645.0a_pk3_bl17*******
    2.3OSCompaqTru645.0f*******
    2.3OSCompaqTru645.1*******
    2.3OSCompaqTru645.1_pk3_bl17*******
    2.3OSCompaqTru645.1_pk4_bl18*******
    2.3OSCompaqTru645.1_pk5_bl19*******
    2.3OSCompaqTru645.1_pk6_bl20*******
    2.3OSCompaqTru645.1a*******
    2.3OSCompaqTru645.1a_pk1_bl1*******
    2.3OSCompaqTru645.1a_pk2_bl2*******
    2.3OSCompaqTru645.1a_pk3_bl3*******
    2.3OSCompaqTru645.1b*******
    2.3OSCompaqTru645.1b_pk1_bl1*******
    2.3OSHpHp-ux10.00*******
    2.3OSHpHp-ux10.01*******
    2.3OSHpHp-ux10.08*******
    2.3OSHpHp-ux10.09*******
    2.3OSHpHp-ux10.10*******
    2.3OSHpHp-ux10.16*******
    2.3OSHpHp-ux10.20*******
    2.3OSHpHp-ux10.24*******
    2.3OSHpHp-ux10.26*******
    2.3OSHpHp-ux10.30*******
    2.3OSHpHp-ux10.34*******
    2.3OSHpHp-ux11.00*******
    2.3OSHpHp-ux11.0.4*******
    2.3OSHpHp-ux11.11*******
    2.3OSHpHp-ux11.20*******
    2.3OSHpHp-ux11.22*******
    2.3OSHpHp-ux Series 70010.20*******
    2.3OSHpHp-ux Series 80010.20*******
    2.3OSHpSis********
    2.3OSSunSolaris2.4*x86*****
    2.3OSSunSolaris2.5*x86*****
    2.3OSSunSolaris2.5.1*ppc*****
    2.3OSSunSolaris2.5.1*x86*****
    2.3OSSunSolaris2.6*******
    2.3OSSunSolaris7.0*x86*****
    2.3OSSunSolaris8.0*x86*****
    2.3OSSunSolaris9.0*sparc*****
    2.3OSSunSolaris9.0*x86*****
    2.3OSSunSolaris9.0x86_update_2******
    2.3OSSunSunos-*******
    2.3OSSunSunos5.4*******
    2.3OSSunSunos5.5*******
    2.3OSSunSunos5.5.1*******
    2.3OSSunSunos5.7*******
    2.3OSSunSunos5.8*******

Vulnerable Software List

VendorProductVersions
Sendmail Sendmail Switch 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 3.0, 3.0.1, 3.0.2, 3.0.3
Sendmail Sendmail 2.6, 2.6.1, 2.6.2, 3.0, 3.0.1, 3.0.2, 3.0.3, 8.10, 8.10.1, 8.10.2, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 8.11.5, 8.11.6, 8.12, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.12.4, 8.12.5, 8.12.6, 8.12.7, 8.12.8, 8.9.0, 8.9.1, 8.9.2, 8.9.3
Hp Hp-ux Series 700 10.20
Hp Hp-ux Series 800 10.20
Hp Hp-ux 10.00, 10.01, 10.08, 10.09, 10.10, 10.16, 10.20, 10.24, 10.26, 10.30, 10.34, 11.0.4, 11.00, 11.11, 11.20, 11.22
Hp Sis *
Sun Solaris 2.4, 2.5, 2.5.1, 2.6, 7.0, 8.0, 9.0
Sun Sunos -, 5.4, 5.5, 5.5.1, 5.7, 5.8
Compaq Tru64 4.0b, 4.0d, 4.0d_pk9_bl17, 4.0f, 4.0f_pk6_bl17, 4.0f_pk7_bl18, 4.0g, 4.0g_pk3_bl17, 5.0, 5.0_pk4_bl17, 5.0_pk4_bl18, 5.0a, 5.0a_pk3_bl17, 5.0f, 5.1, 5.1_pk3_bl17, 5.1_pk4_bl18, 5.1_pk5_bl19, 5.1_pk6_bl20, 5.1a, 5.1a_pk1_bl1, 5.1a_pk2_bl2, 5.1a_pk3_bl3, 5.1b, 5.1b_pk1_bl1

References

NameSourceURLTags
CSSA-2003-016.0ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txtCALDERA
FreeBSD-SA-03:07ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.ascFREEBSD
SCOSA-2004.11ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txtSCO
20030401-01-Pftp://patches.sgi.com/support/free/security/advisories/20030401-01-PSGI
CLA-2003:614http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614CONECTIVA
http://lists.apple.com/mhonarc/security-announce/msg00028.htmlhttp://lists.apple.com/mhonarc/security-announce/msg00028.htmlCONFIRM
20030329 Sendmail: -1 gone wildhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.htmlFULLDISC
20030329 sendmail 8.12.9 availablehttp://marc.info/?l=bugtraq&m=104896621106790&w=2BUGTRAQ
20030329 Sendmail: -1 gone wildhttp://marc.info/?l=bugtraq&m=104897487512238&w=2BUGTRAQ
20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)http://marc.info/?l=bugtraq&m=104914999806315&w=2BUGTRAQ
52620http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1SUNALERT
52700http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1SUNALERT
1001088http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1SUNALERT
CA-2003-12http://www.cert.org/advisories/CA-2003-12.htmlCERTPATCH Third Party Advisory US Government Resource
DSA-278http://www.debian.org/security/2003/dsa-278DEBIAN
DSA-290http://www.debian.org/security/2003/dsa-290DEBIAN
GLSA-200303-27http://www.gentoo.org/security/en/glsa/glsa-200303-27.xmlGENTOO
VU#897604http://www.kb.cert.org/vuls/id/897604CERT-VNUS Government Resource
RHSA-2003:120http://www.redhat.com/support/errata/RHSA-2003-120.htmlREDHATPATCH Vendor Advisory
RHSA-2003:121http://www.redhat.com/support/errata/RHSA-2003-121.htmlREDHAT
20030331 GLSA: sendmail (200303-27)http://www.securityfocus.com/archive/1/316961/30/25250/threadedBUGTRAQ
20030401 Immunix Secured OS 7+ openssl updatehttp://www.securityfocus.com/archive/1/317135/30/25220/threadedBUGTRAQ
20030520 [Fwd: 127 Research and Development: 127 Day!]http://www.securityfocus.com/archive/1/321997BUGTRAQ
7230http://www.securityfocus.com/bid/7230BIDPATCH Vendor Advisory