CVE-2003-0694

Published: 06/10/2003 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The prescan function in Sendmail 8.12.9 allows remote malicious users to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Vulnerable Product

sendmail advanced message server 1.3

sendmail sendmail 2.6

sendmail sendmail 8.10

sendmail sendmail 8.10.1

sendmail sendmail 8.11.5

sendmail sendmail 8.11.6

sendmail sendmail 8.12.7

sendmail sendmail 3.0

sendmail sendmail 3.0.1

sendmail sendmail 8.11.1

sendmail sendmail 8.11.2

sendmail sendmail 8.12.2

sendmail sendmail 8.12.3

sendmail sendmail 8.12

sendmail sendmail 8.9.3

sendmail advanced message server 1.2

sendmail sendmail 3.0.2

sendmail sendmail 3.0.3

sendmail sendmail 8.11.3

sendmail sendmail 8.11.4

sendmail sendmail 8.12.4

sendmail sendmail 8.12.5

sendmail sendmail 8.12.6

sendmail sendmail pro 8.9.3

sendmail sendmail switch 2.1

sendmail sendmail switch 2.2.2

sendmail sendmail switch 2.2.3

sgi irix 6.5.15

sgi irix 6.5.16

sgi irix 6.5.20f

sgi irix 6.5.20m

sendmail sendmail 8.12.8

sendmail sendmail 8.8.8

sendmail sendmail 8.9.0

sendmail sendmail switch 2.1.1

sendmail sendmail switch 2.1.2

sendmail sendmail switch 2.2.4

sendmail sendmail switch 2.2.5

sgi irix 6.5.17f

sgi irix 6.5.17m

sgi irix 6.5.21f

sgi irix 6.5.21m

sendmail sendmail pro 8.9.2

sendmail sendmail switch 2.1.5

sendmail sendmail switch 2.2

sendmail sendmail switch 2.2.1

sendmail sendmail switch 3.0.2

sendmail sendmail switch 3.0.3

sgi irix 6.5.19f

sgi irix 6.5.19m

sendmail sendmail 2.6.1

sendmail sendmail 2.6.2

sendmail sendmail 8.10.2

sendmail sendmail 8.11.0

sendmail sendmail 8.12.0

sendmail sendmail 8.12.1

sendmail sendmail 8.12.9

sendmail sendmail 8.9.1

sendmail sendmail 8.9.2

sendmail sendmail switch 2.1.3

sendmail sendmail switch 2.1.4

sendmail sendmail switch 3.0

sendmail sendmail switch 3.0.1

sgi irix 6.5.18f

sgi irix 6.5.18m

apple mac os x 10.2.4

apple mac os x 10.2.5

apple mac os x server 10.2.5

apple mac os x server 10.2.6

compaq tru64 4.0g_pk4_bl22

compaq tru64 5.1

compaq tru64 5.1a_pk3_bl3

compaq tru64 5.1a_pk4_bl21

freebsd freebsd 4.3

freebsd freebsd 4.7

gentoo linux 0.5

gentoo linux 0.7

hp hp-ux 11.00

hp hp-ux 11.11

netbsd netbsd 1.5.1

netbsd netbsd 1.5.2

netbsd netbsd 1.5.3

sun sunos -

sun sunos 5.7

turbolinux turbolinux server 6.1

turbolinux turbolinux server 6.5

apple mac os x 10.2.6

apple mac os x server 10.2

compaq tru64 4.0f

compaq tru64 4.0f_pk6_bl17

compaq tru64 5.1_pk3_bl17

compaq tru64 5.1_pk4_bl18

compaq tru64 5.1_pk5_bl19

compaq tru64 5.1a_pk5_bl23

compaq tru64 5.1b

freebsd freebsd 4.4

freebsd freebsd 4.8

freebsd freebsd 4.9

gentoo linux 1.1a

gentoo linux 1.2

hp hp-ux 11.22

ibm aix 4.3.3

netbsd netbsd 1.5

sun solaris 7.0

sun sunos 5.8

turbolinux turbolinux server 7.0

turbolinux turbolinux server 8.0

apple mac os x 10.2.2

apple mac os x 10.2.3

apple mac os x server 10.2.3

apple mac os x server 10.2.4

compaq tru64 4.0g

compaq tru64 4.0g_pk3_bl17

compaq tru64 5.1a_pk1_bl1

compaq tru64 5.1a_pk2_bl2

freebsd freebsd 3.0

freebsd freebsd 4.0

freebsd freebsd 4.6

freebsd freebsd 5.1

gentoo linux 1.4

hp hp-ux 11.0.4

netbsd netbsd 1.4.3

netbsd netbsd 1.6

sun solaris 2.6

sun solaris 9.0

turbolinux turbolinux advanced server 6.0

turbolinux turbolinux workstation 8.0

apple mac os x 10.2

apple mac os x 10.2.1

apple mac os x server 10.2.1

apple mac os x server 10.2.2

compaq tru64 4.0f_pk7_bl18

compaq tru64 4.0f_pk8_bl22

compaq tru64 5.1_pk6_bl20

compaq tru64 5.1a

compaq tru64 5.1b_pk1_bl1

compaq tru64 5.1b_pk2_bl22

freebsd freebsd 4.5

freebsd freebsd 5.0

ibm aix 5.1

ibm aix 5.2

netbsd netbsd 1.6.1

sun solaris 8.0

turbolinux turbolinux workstation 6.0

turbolinux turbolinux workstation 7.0

Vendor Advisories

Two vulnerabilities were reported in sendmail. CAN-2003-0681: A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. CAN-2003-0694: The prescan function in Sendmail 8.12.9 allows remote at ...

Github Repositories

CUMES - C Unrestricted Mail Exchange Server (under construction)

(!) UNDER CONSTRUCTION. CUMES - C Unrestricted Mail Exchange Server. CUMES is (or will be) a free and secure MTA, partially inspired by qmail. Under construction. Unrestricted: CUMES is not Free, but with restrictions, Software, but MIT-Licensed. You can do (almost) everything with the code. Motivation: Every few months, or even days, another security hole shows up in sendmail, p