CVE-2003-0694

Current Description

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Basic Data

Published: October 06, 2003
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
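    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Sendmail | Advanced Message Server | 1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Advanced Message Server | 1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 2.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 2.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 2.6.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 3.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 3.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 3.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.8.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.9.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.9.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.9.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.9.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.10.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.10.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.11.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.11.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.11.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.11.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.11.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.11.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.11.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12 | beta10 | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12 | beta12 | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12 | beta16 | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12 | beta5 | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12 | beta7 | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail | 8.12.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Pro | 8.9.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Pro | 8.9.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 2.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 3.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 3.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sendmail | Sendmail Switch | 3.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.15 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.16 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.17f | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.17m | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.18f | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.18m | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.19f | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.19m | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.20f | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.20m | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.21f | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.21m | * | * | * | * | * | * | * | | | |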
  • OR - Configuration 2
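    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Apple | Mac Os X | 10.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X | 10.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X | 10.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X | 10.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X | 10.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X | 10.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X | 10.2.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X Server | 10.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X Server | 10.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X Server | 10.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X Server | 10.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X Server | 10.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X Server | 10.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Apple | Mac Os X Server | 10.2.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 4.0f | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 4.0f_pk6_bl17 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 4.0f_pk7_bl18 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 4.0f_pk8_bl22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 4.0g | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 4.0g_pk3_bl17 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 4.0g_pk4_bl22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1_pk3_bl17 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1_pk4_bl18 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1_pk5_bl19 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1_pk6_bl20 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1a | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1a_pk1_bl1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1a_pk2_bl2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1a_pk3_bl3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1a_pk4_bl21 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1a_pk5_bl23 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1b | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1b_pk1_bl1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Compaq | Tru64 | 5.1b_pk2_bl22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 3.0 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.0 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.3 | release_p38 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.3 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.4 | release_p42 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.4 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.5 | release_p32 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.5 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.6 | release_p20 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.6 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.7 | release_p17 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.7 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.8 | release_p6 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.8 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 4.9 | pre-release | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 5.0 | release_p14 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 5.0 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 5.1 | release_p5 | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | 5.1 | releng | * | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | 0.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | 0.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | 1.1a | * | * | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | 1.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | 1.4 | rc1 | * | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | 1.4 | rc2 | * | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | 1.4 | rc3 | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.00 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.11 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 5.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5 | * | sh3 | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5 | * | x86 | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.6 | beta | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Solaris | 2.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Solaris | 7.0 | * | x86 | * | * | * | * | * | | | |
    2.3 | OS | Sun | Solaris | 8.0 | * | x86 | * | * | * | * | * | | | |
    2.3 | OS | Sun | Solaris | 9.0 | * | sparc | * | * | * | * | * | | | |
    2.3 | OS | Sun | Solaris | 9.0 | * | x86 | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | - | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Advanced Server | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Server | 6.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Server | 6.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Server | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Server | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Workstation | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Workstation | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Workstation | 8.0 | * | * | * | * | * | * | * | | | |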

Vulnerable Software List

Vendor | Product | Versions
Sendmail | Sendmail Pro | 8.9.2, 8.9.3
Sendmail | Advanced Message Server | 1.2, 1.3
Sendmail | Sendmail Switch | 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 3.0, 3.0.1, 3.0.2, 3.0.3
Sendmail | Sendmail | 2.6, 2.6.1, 2.6.2, 3.0, 3.0.1, 3.0.2, 3.0.3, 8.10, 8.10.1, 8.10.2, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 8.11.5, 8.11.6, 8.12, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.12.4, 8.12.5, 8.12.6, 8.12.7, 8.12.8, 8.12.9, 8.8.8, 8.9.0, 8.9.1, 8.9.2, 8.9.3
Apple | Mac Os X Server | 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6
Apple | Mac Os X | 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6
Freebsd | Freebsd | 3.0, 4.0, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1
Netbsd | Netbsd | 1.4.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1
Sgi | Irix | 6.5.15, 6.5.16, 6.5.17f, 6.5.17m, 6.5.18f, 6.5.18m, 6.5.19f, 6.5.19m, 6.5.20f, 6.5.20m, 6.5.21f, 6.5.21m
Hp | Hp-ux | 11.0.4, 11.00, 11.11, 11.22
Turbolinux | Turbolinux Advanced Server | 6.0
Turbolinux | Turbolinux Server | 6.1, 6.5, 7.0, 8.0
Turbolinux | Turbolinux Workstation | 6.0, 7.0, 8.0
Ibm | Aix | 4.3.3, 5.1, 5.2
Sun | Solaris | 2.6, 7.0, 8.0, 9.0
Sun | Sunos | -, 5.7, 5.8
Compaq | Tru64 | 4.0f, 4.0f_pk6_bl17, 4.0f_pk7_bl18, 4.0f_pk8_bl22, 4.0g, 4.0g_pk3_bl17, 4.0g_pk4_bl22, 5.1, 5.1_pk3_bl17, 5.1_pk4_bl18, 5.1_pk5_bl19, 5.1_pk6_bl20, 5.1a, 5.1a_pk1_bl1, 5.1a_pk2_bl2, 5.1a_pk3_bl3, 5.1a_pk4_bl21, 5.1a_pk5_bl23, 5.1b, 5.1b_pk1_bl1, 5.1b_pk2_bl22
Gentoo | Linux | 0.5, 0.7, 1.1a, 1.2, 1.4

References

Name | Source | URL | Tags
SCOSA-2004.11 | SCO | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt |
20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] | FULLDISC | http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html |
20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug | VULNWATCH | http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html |
CLA-2003:742 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 |
20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] | BUGTRAQ | http://marc.info/?l=bugtraq&m=106381604923204&w=2 |
20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02) | BUGTRAQ | http://marc.info/?l=bugtraq&m=106382859407683&w=2 |
20030917 GLSA: sendmail (200309-13) | BUGTRAQ | http://marc.info/?l=bugtraq&m=106383437615742&w=2 |
20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail) | BUGTRAQ | http://marc.info/?l=bugtraq&m=106398718909274&w=2 |
CA-2003-25 | CERT | http://www.cert.org/advisories/CA-2003-25.html | PATCH, Third Party Advisory, US Government Resource
DSA-384 | DEBIAN | http://www.debian.org/security/2003/dsa-384 |
VU#784980 | CERT-VN | http://www.kb.cert.org/vuls/id/784980 | US Government Resource
MDKSA-2003:092 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2003:092 |
RHSA-2003:283 | REDHAT | http://www.redhat.com/support/errata/RHSA-2003-283.html |
RHSA-2003:284 | REDHAT | http://www.redhat.com/support/errata/RHSA-2003-284.html |
http://www.sendmail.org/8.12.10.html | CONFIRM | http://www.sendmail.org/8.12.10.html | PATCH
oval:org.mitre.oval:def:2975 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975 |
oval:org.mitre.oval:def:572 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572 |
oval:org.mitre.oval:def:603 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603 |