CVE-2003-0161

Published: 02/04/2003 | Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The prescan() function in the address parser (parseaddr.c) in Sendmail prior to 8.12.9 does not properly handle certain conversions from char and int types. This can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing malicious users to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages. This is a different vulnerability than CVE-2002-1337.

Vulnerable Product

sendmail sendmail switch 2.1.2

sendmail sendmail switch 3.0.2

sendmail sendmail switch 2.2.2

sendmail sendmail 2.6.2

sendmail sendmail 8.9.2

sendmail sendmail switch 2.1.1

sendmail sendmail 8.11.4

sendmail sendmail 8.12

sendmail sendmail 2.6

sendmail sendmail 8.11.1

sendmail sendmail 8.11.0

sendmail sendmail switch 2.1.3

sendmail sendmail 8.12.3

sendmail sendmail 8.11.3

sendmail sendmail switch 2.2.1

sendmail sendmail 2.6.1

sendmail sendmail 8.12.8

sendmail sendmail 8.9.1

sendmail sendmail switch 2.2

sendmail sendmail 8.10.2

sendmail sendmail 8.12.4

sendmail sendmail 8.9.0

sendmail sendmail 3.0.3

sendmail sendmail 8.10.1

sendmail sendmail switch 2.1

sendmail sendmail 8.12.1

sendmail sendmail 8.11.6

sendmail sendmail 8.12.5

sendmail sendmail switch 2.2.3

sendmail sendmail switch 2.1.5

sendmail sendmail 8.10

sendmail sendmail switch 3.0

sendmail sendmail 8.9.3

sendmail sendmail switch 2.2.5

sendmail sendmail 8.12.0

sendmail sendmail 8.12.6

sendmail sendmail switch 3.0.1

sendmail sendmail 3.0.2

sendmail sendmail 8.12.2

sendmail sendmail 3.0

sendmail sendmail 8.11.2

sendmail sendmail 3.0.1

sendmail sendmail 8.12.7

sendmail sendmail switch 2.2.4

sendmail sendmail switch 3.0.3

sendmail sendmail 8.11.5

sendmail sendmail switch 2.1.4

hp hp-ux series 800 10.20

hp hp-ux 10.30

compaq tru64 5.0a pk3 bl17

hp hp-ux 11.11

compaq tru64 5.1 pk3 bl17

hp hp-ux 10.01

sun solaris 2.4

hp sis

hp hp-ux 10.00

compaq tru64 4.0d pk9 bl17

hp hp-ux 10.26

sun solaris 2.5.1

sun solaris 2.5

compaq tru64 5.1 pk4 bl18

compaq tru64 4.0d

compaq tru64 5.0 pk4 bl18

compaq tru64 5.0 pk4 bl17

compaq tru64 5.0

compaq tru64 5.1b pk1 bl1

sun sunos 5.7

compaq tru64 4.0f pk6 bl17

compaq tru64 4.0g

hp hp-ux 10.34

compaq tru64 4.0g pk3 bl17

sun sunos 5.5

sun sunos 5.8

sun solaris 9.0

compaq tru64 5.0a

hp hp-ux series 700 10.20

hp hp-ux 11.00

compaq tru64 5.1a pk3 bl3

compaq tru64 4.0f

hp hp-ux 11.0.4

compaq tru64 4.0b

hp hp-ux 10.24

sun solaris 7.0

hp hp-ux 11.22

compaq tru64 5.1 pk6 bl20

compaq tru64 5.1 pk5 bl19

sun sunos 5.4

compaq tru64 5.1a

hp hp-ux 10.08

sun sunos 5.5.1

hp hp-ux 10.20

compaq tru64 5.1b

compaq tru64 5.1

compaq tru64 5.1a pk2 bl2

hp hp-ux 10.09

compaq tru64 5.0f

compaq tru64 4.0f pk7 bl18

hp hp-ux 11.20

hp hp-ux 10.10

sun solaris 2.6

compaq tru64 5.1a pk1 bl1

sun solaris 8.0

hp hp-ux 10.16

sun sunos -

Vendor Advisories

Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable. For the stable distribution (woody) this problem has been fixed in version 8123+35Wbeta-54. For the o ...

Exploits

/*
 * Sendmail 8.12.8 prescan() PROOF OF CONCEPT exploit by bysin
 *
 * This is to prove that the bug in sendmail 8.12.8 and below is vulnerable
 * On successful POC exploitation the program should crash with the following:
 *
 * Program received signal SIGSEGV, Segmentation fault
 * 0x5c5c5c5c in ?? ()
 *
 */
#include <sys/types.h>
#inclu ...

/* source: www.securityfocus.com/bid/7230/info A vulnerability in Sendmail may be exploited remotely to execute arbitrary code. The flaw is present in the 'prescan()' procedure, which is used for processing email addresses in SMTP headers. This condition has been confirmed to be exploitable by remote attackers to execute instructions on ta ...

Github Repositories

CUMES - C Unrestricted Mail Exchange Server (under construction)

(!) UNDER CONSTRUCTION. CUMES - C Unrestricted Mail Exchange Server. CUMES is (or will be) a free and secure MTA, partially inspired by qmail. Under construction. Unrestricted: CUMES is not Free, but with restrictions, Software, but MIT-Licensed. You can do (almost) everything with the code. Motivation: Every few months, or even days, another security hole shows up in sendmail, p

References

NVD-CWE-Other

http://www.cert.org/advisories/CA-2003-12.html

http://www.securityfocus.com/bid/7230

http://www.redhat.com/support/errata/RHSA-2003-120.html

http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html

http://www.kb.cert.org/vuls/id/897604

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc

http://www.redhat.com/support/errata/RHSA-2003-121.html

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt

ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt

http://www.debian.org/security/2003/dsa-278

http://www.debian.org/security/2003/dsa-290

http://lists.apple.com/mhonarc/security-announce/msg00028.html

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614

http://www.securityfocus.com/archive/1/321997

http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1

http://marc.info/?l=bugtraq&m=104896621106790&w=2

http://marc.info/?l=bugtraq&m=104914999806315&w=2

http://marc.info/?l=bugtraq&m=104897487512238&w=2

http://www.securityfocus.com/archive/1/317135/30/25220/threaded

http://www.securityfocus.com/archive/1/316961/30/25250/threaded

https://nvd.nist.gov

https://www.debian.org/security/./dsa-290

https://github.com/byte-mug/cumes

https://www.exploit-db.com/exploits/24/

https://www.kb.cert.org/vuls/id/897604