CVE-2003-0161

Current Description

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Basic Data

Published	April 02, 2003
Last Modified	October 30, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	COMPLETE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	10.0
Severity	HIGH
Exploitability Score	10.0
Impact Score	10.0
Obtain All Privilege	true
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Sendmail	Sendmail	2.6	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	2.6.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	2.6.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.10	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.10.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.10.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.6	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta10	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta12	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta16	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta5	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta7	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.6	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.7	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.8	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0.3	*	*	*	*	*	*	*

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Compaq	Tru64	4.0b	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0d	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0d_pk9_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0f	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0f_pk6_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0f_pk7_bl18	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0g	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0g_pk3_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.0	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.0_pk4_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.0_pk4_bl18	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.0a	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.0a_pk3_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.0f	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk3_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk4_bl18	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk5_bl19	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk6_bl20	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk1_bl1	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk2_bl2	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk3_bl3	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1b	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1b_pk1_bl1	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.00	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.01	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.08	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.09	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.10	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.16	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.20	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.24	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.26	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.30	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	10.34	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.00	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.0.4	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.11	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.20	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.22	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux Series 700	10.20	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux Series 800	10.20	*	*	*	*	*	*	*
2.3	OS	Hp	Sis	*	*	*	*	*	*	*	*
2.3	OS	Sun	Solaris	2.4	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	2.5	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	2.5.1	*	ppc	*	*	*	*	*
2.3	OS	Sun	Solaris	2.5.1	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	2.6	*	*	*	*	*	*	*
2.3	OS	Sun	Solaris	7.0	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	8.0	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	9.0	*	sparc	*	*	*	*	*
2.3	OS	Sun	Solaris	9.0	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	9.0	x86_update_2	*	*	*	*	*	*
2.3	OS	Sun	Sunos	-	*	*	*	*	*	*	*
2.3	OS	Sun	Sunos	5.4	*	*	*	*	*	*	*
2.3	OS	Sun	Sunos	5.5	*	*	*	*	*	*	*
2.3	OS	Sun	Sunos	5.5.1	*	*	*	*	*	*	*
2.3	OS	Sun	Sunos	5.7	*	*	*	*	*	*	*
2.3	OS	Sun	Sunos	5.8	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Sendmail	Sendmail Switch	2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 3.0, 3.0.1, 3.0.2, 3.0.3
Sendmail	Sendmail	2.6, 2.6.1, 2.6.2, 3.0, 3.0.1, 3.0.2, 3.0.3, 8.10, 8.10.1, 8.10.2, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 8.11.5, 8.11.6, 8.12, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.12.4, 8.12.5, 8.12.6, 8.12.7, 8.12.8, 8.9.0, 8.9.1, 8.9.2, 8.9.3
Hp	Hp-ux Series 700	10.20
Hp	Hp-ux Series 800	10.20
Hp	Hp-ux	10.00, 10.01, 10.08, 10.09, 10.10, 10.16, 10.20, 10.24, 10.26, 10.30, 10.34, 11.0.4, 11.00, 11.11, 11.20, 11.22
Hp	Sis	*
Sun	Solaris	2.4, 2.5, 2.5.1, 2.6, 7.0, 8.0, 9.0
Sun	Sunos	-, 5.4, 5.5, 5.5.1, 5.7, 5.8
Compaq	Tru64	4.0b, 4.0d, 4.0d_pk9_bl17, 4.0f, 4.0f_pk6_bl17, 4.0f_pk7_bl18, 4.0g, 4.0g_pk3_bl17, 5.0, 5.0_pk4_bl17, 5.0_pk4_bl18, 5.0a, 5.0a_pk3_bl17, 5.0f, 5.1, 5.1_pk3_bl17, 5.1_pk4_bl18, 5.1_pk5_bl19, 5.1_pk6_bl20, 5.1a, 5.1a_pk1_bl1, 5.1a_pk2_bl2, 5.1a_pk3_bl3, 5.1b, 5.1b_pk1_bl1

References

Name	Source	URL	Tags
CSSA-2003-016.0	ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt	CALDERA
FreeBSD-SA-03:07	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc	FREEBSD
SCOSA-2004.11	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt	SCO
20030401-01-P	ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P	SGI
CLA-2003:614	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614	CONECTIVA
http://lists.apple.com/mhonarc/security-announce/msg00028.html	http://lists.apple.com/mhonarc/security-announce/msg00028.html	CONFIRM
20030329 Sendmail: -1 gone wild	http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html	FULLDISC
20030329 sendmail 8.12.9 available	http://marc.info/?l=bugtraq&m=104896621106790&w=2	BUGTRAQ
20030329 Sendmail: -1 gone wild	http://marc.info/?l=bugtraq&m=104897487512238&w=2	BUGTRAQ
20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)	http://marc.info/?l=bugtraq&m=104914999806315&w=2	BUGTRAQ
52620	http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1	SUNALERT
52700	http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1	SUNALERT
1001088	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1	SUNALERT
CA-2003-12	http://www.cert.org/advisories/CA-2003-12.html	CERT	PATCH Third Party Advisory US Government Resource
DSA-278	http://www.debian.org/security/2003/dsa-278	DEBIAN
DSA-290	http://www.debian.org/security/2003/dsa-290	DEBIAN
GLSA-200303-27	http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml	GENTOO
VU#897604	http://www.kb.cert.org/vuls/id/897604	CERT-VN	US Government Resource
RHSA-2003:120	http://www.redhat.com/support/errata/RHSA-2003-120.html	REDHAT	PATCH Vendor Advisory
RHSA-2003:121	http://www.redhat.com/support/errata/RHSA-2003-121.html	REDHAT
20030331 GLSA: sendmail (200303-27)	http://www.securityfocus.com/archive/1/316961/30/25250/threaded	BUGTRAQ
20030401 Immunix Secured OS 7+ openssl update	http://www.securityfocus.com/archive/1/317135/30/25220/threaded	BUGTRAQ
20030520 [Fwd: 127 Research and Development: 127 Day!]	http://www.securityfocus.com/archive/1/321997	BUGTRAQ
7230	http://www.securityfocus.com/bid/7230	BID	PATCH Vendor Advisory