CVE-2003-0694

Current Description

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Basic Data

Published	October 06, 2003
Last Modified	October 30, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	COMPLETE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	10.0
Severity	HIGH
Exploitability Score	10.0
Impact Score	10.0
Obtain All Privilege	true
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Sendmail	Advanced Message Server	1.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Advanced Message Server	1.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	2.6	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	2.6.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	2.6.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	3.0.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.8.8	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.9.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.10	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.10.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.10.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.11.6	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta10	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta12	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta16	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta5	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12	beta7	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.6	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.7	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.8	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail	8.12.9	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Pro	8.9.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Pro	8.9.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.1.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.3	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.4	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	2.2.5	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0.1	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0.2	*	*	*	*	*	*	*
2.3	Application	Sendmail	Sendmail Switch	3.0.3	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.15	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.16	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.17f	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.17m	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.18f	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.18m	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.19f	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.19m	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.20f	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.20m	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.21f	*	*	*	*	*	*	*
2.3	OS	Sgi	Irix	6.5.21m	*	*	*	*	*	*	*

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Apple	Mac Os X	10.2	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X	10.2.1	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X	10.2.2	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X	10.2.3	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X	10.2.4	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X	10.2.5	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X	10.2.6	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X Server	10.2	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X Server	10.2.1	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X Server	10.2.2	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X Server	10.2.3	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X Server	10.2.4	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X Server	10.2.5	*	*	*	*	*	*	*
2.3	OS	Apple	Mac Os X Server	10.2.6	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0f	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0f_pk6_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0f_pk7_bl18	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0f_pk8_bl22	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0g	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0g_pk3_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	4.0g_pk4_bl22	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk3_bl17	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk4_bl18	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk5_bl19	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1_pk6_bl20	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk1_bl1	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk2_bl2	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk3_bl3	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk4_bl21	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1a_pk5_bl23	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1b	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1b_pk1_bl1	*	*	*	*	*	*	*
2.3	OS	Compaq	Tru64	5.1b_pk2_bl22	*	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	3.0	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.0	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.3	release_p38	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.3	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.4	release_p42	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.4	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.5	release_p32	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.5	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.6	release_p20	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.6	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.7	release_p17	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.7	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.8	release_p6	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.8	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	4.9	pre-release	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	5.0	release_p14	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	5.0	releng	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	5.1	release_p5	*	*	*	*	*	*
2.3	OS	Freebsd	Freebsd	5.1	releng	*	*	*	*	*	*
2.3	OS	Gentoo	Linux	0.5	*	*	*	*	*	*	*
2.3	OS	Gentoo	Linux	0.7	*	*	*	*	*	*	*
2.3	OS	Gentoo	Linux	1.1a	*	*	*	*	*	*	*
2.3	OS	Gentoo	Linux	1.2	*	*	*	*	*	*	*
2.3	OS	Gentoo	Linux	1.4	rc1	*	*	*	*	*	*
2.3	OS	Gentoo	Linux	1.4	rc2	*	*	*	*	*	*
2.3	OS	Gentoo	Linux	1.4	rc3	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.00	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.0.4	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.11	*	*	*	*	*	*	*
2.3	OS	Hp	Hp-ux	11.22	*	*	*	*	*	*	*
2.3	OS	Ibm	Aix	4.3.3	*	*	*	*	*	*	*
2.3	OS	Ibm	Aix	5.1	*	*	*	*	*	*	*
2.3	OS	Ibm	Aix	5.2	*	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.4.3	*	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.5	*	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.5	*	sh3	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.5	*	x86	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.5.1	*	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.5.2	*	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.5.3	*	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.6	*	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.6	beta	*	*	*	*	*	*
2.3	OS	Netbsd	Netbsd	1.6.1	*	*	*	*	*	*	*
2.3	OS	Sun	Solaris	2.6	*	*	*	*	*	*	*
2.3	OS	Sun	Solaris	7.0	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	8.0	*	x86	*	*	*	*	*
2.3	OS	Sun	Solaris	9.0	*	sparc	*	*	*	*	*
2.3	OS	Sun	Solaris	9.0	*	x86	*	*	*	*	*
2.3	OS	Sun	Sunos	-	*	*	*	*	*	*	*
2.3	OS	Sun	Sunos	5.7	*	*	*	*	*	*	*
2.3	OS	Sun	Sunos	5.8	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Advanced Server	6.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Server	6.1	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Server	6.5	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Server	7.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Server	8.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Workstation	6.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Workstation	7.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Workstation	8.0	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Sendmail	Sendmail Pro	8.9.2, 8.9.3
Sendmail	Advanced Message Server	1.2, 1.3
Sendmail	Sendmail Switch	2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 3.0, 3.0.1, 3.0.2, 3.0.3
Sendmail	Sendmail	2.6, 2.6.1, 2.6.2, 3.0, 3.0.1, 3.0.2, 3.0.3, 8.10, 8.10.1, 8.10.2, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 8.11.5, 8.11.6, 8.12, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.12.4, 8.12.5, 8.12.6, 8.12.7, 8.12.8, 8.12.9, 8.8.8, 8.9.0, 8.9.1, 8.9.2, 8.9.3
Apple	Mac Os X Server	10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6
Apple	Mac Os X	10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6
Freebsd	Freebsd	3.0, 4.0, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1
Netbsd	Netbsd	1.4.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1
Sgi	Irix	6.5.15, 6.5.16, 6.5.17f, 6.5.17m, 6.5.18f, 6.5.18m, 6.5.19f, 6.5.19m, 6.5.20f, 6.5.20m, 6.5.21f, 6.5.21m
Hp	Hp-ux	11.0.4, 11.00, 11.11, 11.22
Turbolinux	Turbolinux Advanced Server	6.0
Turbolinux	Turbolinux Server	6.1, 6.5, 7.0, 8.0
Turbolinux	Turbolinux Workstation	6.0, 7.0, 8.0
Ibm	Aix	4.3.3, 5.1, 5.2
Sun	Solaris	2.6, 7.0, 8.0, 9.0
Sun	Sunos	-, 5.7, 5.8
Compaq	Tru64	4.0f, 4.0f_pk6_bl17, 4.0f_pk7_bl18, 4.0f_pk8_bl22, 4.0g, 4.0g_pk3_bl17, 4.0g_pk4_bl22, 5.1, 5.1_pk3_bl17, 5.1_pk4_bl18, 5.1_pk5_bl19, 5.1_pk6_bl20, 5.1a, 5.1a_pk1_bl1, 5.1a_pk2_bl2, 5.1a_pk3_bl3, 5.1a_pk4_bl21, 5.1a_pk5_bl23, 5.1b, 5.1b_pk1_bl1, 5.1b_pk2_bl22
Gentoo	Linux	0.5, 0.7, 1.1a, 1.2, 1.4

References

Name	Source	URL	Tags
SCOSA-2004.11	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt	SCO
20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]	http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html	FULLDISC
20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug	http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html	VULNWATCH
CLA-2003:742	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742	CONECTIVA
20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]	http://marc.info/?l=bugtraq&m=106381604923204&w=2	BUGTRAQ
20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)	http://marc.info/?l=bugtraq&m=106382859407683&w=2	BUGTRAQ
20030917 GLSA: sendmail (200309-13)	http://marc.info/?l=bugtraq&m=106383437615742&w=2	BUGTRAQ
20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)	http://marc.info/?l=bugtraq&m=106398718909274&w=2	BUGTRAQ
CA-2003-25	http://www.cert.org/advisories/CA-2003-25.html	CERT	Patch Third Party Advisory US Government Resource
DSA-384	http://www.debian.org/security/2003/dsa-384	DEBIAN
VU#784980	http://www.kb.cert.org/vuls/id/784980	CERT-VN	US Government Resource
MDKSA-2003:092	http://www.mandriva.com/security/advisories?name=MDKSA-2003:092	MANDRAKE
RHSA-2003:283	http://www.redhat.com/support/errata/RHSA-2003-283.html	REDHAT
RHSA-2003:284	http://www.redhat.com/support/errata/RHSA-2003-284.html	REDHAT
http://www.sendmail.org/8.12.10.html	http://www.sendmail.org/8.12.10.html	CONFIRM	Patch
oval:org.mitre.oval:def:2975	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975	OVAL
oval:org.mitre.oval:def:572	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572	OVAL
oval:org.mitre.oval:def:603	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603	OVAL