CVE-2003-0161

Published: 02/04/2003 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The prescan() function in the address parser (parseaddr.c) in Sendmail prior to 8.12.9 does not properly handle certain conversions from char and int types. This can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing malicious users to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages. This is a different vulnerability than CVE-2002-1337.

Vulnerable Product

sendmail sendmail 2.6

sendmail sendmail 8.10

sendmail sendmail 8.10.1

sendmail sendmail 8.11.6

sendmail sendmail 8.12.0

sendmail sendmail 8.12.7

sendmail sendmail 8.12.8

sendmail sendmail 8.9.1

sendmail sendmail 8.9.2

sendmail sendmail switch 2.2

sendmail sendmail switch 2.2.1

sendmail sendmail switch 3.0.2

sendmail sendmail switch 3.0.3

sendmail sendmail 3.0

sendmail sendmail 3.0.1

sendmail sendmail 8.11.1

sendmail sendmail 8.11.2

sendmail sendmail 8.11.3

sendmail sendmail 8.12.3

sendmail sendmail 8.12.4

sendmail sendmail 8.12

sendmail sendmail switch 2.1.1

sendmail sendmail switch 2.1.2

sendmail sendmail switch 2.1.3

sendmail sendmail switch 2.2.4

sendmail sendmail switch 2.2.5

sendmail sendmail 2.6.1

sendmail sendmail 2.6.2

sendmail sendmail 8.10.2

sendmail sendmail 8.11.0

sendmail sendmail 8.12.1

sendmail sendmail 8.12.2

sendmail sendmail 8.9.3

sendmail sendmail switch 2.1

sendmail sendmail switch 2.2.2

sendmail sendmail switch 2.2.3

sendmail sendmail 3.0.2

sendmail sendmail 3.0.3

sendmail sendmail 8.11.4

sendmail sendmail 8.11.5

sendmail sendmail 8.12.5

sendmail sendmail 8.12.6

sendmail sendmail 8.9.0

sendmail sendmail switch 2.1.4

sendmail sendmail switch 2.1.5

sendmail sendmail switch 3.0

sendmail sendmail switch 3.0.1

compaq tru64 4.0f_pk7_bl18

compaq tru64 4.0g

compaq tru64 4.0d

compaq tru64 4.0d_pk9_bl17

compaq tru64 5.0_pk4_bl18

compaq tru64 5.0a

compaq tru64 5.1_pk6_bl20

compaq tru64 5.1a

hp hp-ux 10.01

hp hp-ux 10.08

hp hp-ux 10.34

compaq tru64 4.0b

compaq tru64 4.0g_pk3_bl17

compaq tru64 5.0

compaq tru64 5.0_pk4_bl17

compaq tru64 5.1_pk4_bl18

compaq tru64 5.1_pk5_bl19

compaq tru64 5.1b_pk1_bl1

hp hp-ux 10.00

hp hp-ux 10.26

hp hp-ux 10.30

hp hp-ux series 700 10.20

hp hp-ux series 800 10.20

sun solaris 2.5.1

sun solaris 2.5

sun solaris 9.0

hp hp-ux 11.0.4

hp sis

sun sunos 5.4

sun solaris 2.6

sun sunos -

compaq tru64 5.1

compaq tru64 5.1_pk3_bl17

compaq tru64 5.1a_pk3_bl3

compaq tru64 5.1b

hp hp-ux 10.16

hp hp-ux 10.20

hp hp-ux 10.24

hp hp-ux 11.20

hp hp-ux 11.22

sun sunos 5.5.1

sun solaris 8.0

compaq tru64 4.0f

compaq tru64 4.0f_pk6_bl17

compaq tru64 5.0a_pk3_bl17

compaq tru64 5.0f

compaq tru64 5.1a_pk1_bl1

compaq tru64 5.1a_pk2_bl2

hp hp-ux 10.09

hp hp-ux 10.10

hp hp-ux 11.00

hp hp-ux 11.11

sun solaris 2.4

sun sunos 5.5

sun sunos 5.7

sun solaris 7.0

sun sunos 5.8

Vendor Advisories

Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable. For the stable distribution (woody) this problem has been fixed in version 8123+35Wbeta-54 For the o ...

Exploits

/* * Sendmail 8.12.8 prescan() PROOF OF CONCEPT exploit by bysin * * This is to prove that the bug in sendmail 8.12.8 and below is vulnerable * On successful POC exploitation the program should crash with the following: * * Program received signal SIGSEGV, Segmentation fault * 0x5c5c5c5c in ?? () * */ #include <sys/types.h> #inclu ...
/* source: www.securityfocus.com/bid/7230/info A vulnerability in Sendmail may be exploited remotely to execute arbitrary code. The flaw is present in the 'prescan()' procedure, which is used for processing email addresses in SMTP headers. This condition has been confirmed to be exploitable by remote attackers to execute instructions on ta ...

Github Repositories

CUMES - C Unrestricted Mail Exchange Server (under construction)

(!) UNDER CONSTRUCTION. CUMES - C Unrestricted Mail Exchange Server. CUMES is (or will be) a free and secure MTA, partially inspired by qmail. Under construction. Unrestricted: CUMES is not Free, but with restrictions, Software, but MIT-Licensed. You can do (almost) everything with the code. Motivation: Every few months, or even days, another security hole shows up in sendmail, p

References

NVD-CWE-Other
http://www.cert.org/advisories/CA-2003-12.html
http://www.securityfocus.com/bid/7230
http://www.redhat.com/support/errata/RHSA-2003-120.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html
http://www.kb.cert.org/vuls/id/897604
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
http://www.redhat.com/support/errata/RHSA-2003-121.html
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt
http://www.debian.org/security/2003/dsa-278
http://www.debian.org/security/2003/dsa-290
http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
http://www.securityfocus.com/archive/1/321997
http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1
http://marc.info/?l=bugtraq&m=104896621106790&w=2
http://marc.info/?l=bugtraq&m=104914999806315&w=2
http://marc.info/?l=bugtraq&m=104897487512238&w=2
http://www.securityfocus.com/archive/1/317135/30/25220/threaded
http://www.securityfocus.com/archive/1/316961/30/25250/threaded
https://nvd.nist.gov
https://www.debian.org/security/./dsa-290
https://github.com/byte-mug/cumes
https://www.exploit-db.com/exploits/24/
https://www.kb.cert.org/vuls/id/897604