CVE-2003-0694

Published: 06/10/2003 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The prescan function in Sendmail 8.12.9 allows remote malicious users to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Vulnerable Product

sendmail sendmail switch 2.1.2

sendmail sendmail switch 3.0.2

sendmail sendmail switch 2.2.2

sendmail sendmail 2.6.2

sendmail sendmail 8.9.2

sendmail sendmail switch 2.1.1

sendmail sendmail 8.11.4

sendmail sendmail 8.8.8

sendmail sendmail 8.12

sgi irix 6.5.17f

sendmail sendmail 2.6

sendmail sendmail 8.11.1

sendmail sendmail 8.11.0

sendmail sendmail switch 2.1.3

sendmail sendmail 8.12.3

sendmail sendmail 8.11.3

sendmail sendmail switch 2.2.1

sendmail sendmail 2.6.1

sendmail advanced message server 1.3

sendmail sendmail 8.12.8

sgi irix 6.5.18f

sgi irix 6.5.19f

sgi irix 6.5.21f

sendmail sendmail 8.12.9

sendmail sendmail 8.9.1

sendmail sendmail pro 8.9.2

sgi irix 6.5.21m

sendmail advanced message server 1.2

sendmail sendmail switch 2.2

sendmail sendmail 8.10.2

sendmail sendmail 8.12.4

sgi irix 6.5.17m

sgi irix 6.5.20m

sendmail sendmail 8.9.0

sendmail sendmail 3.0.3

sgi irix 6.5.15

sendmail sendmail 8.10.1

sendmail sendmail switch 2.1

sendmail sendmail 8.12.1

sendmail sendmail 8.11.6

sendmail sendmail 8.12.5

sendmail sendmail switch 2.2.3

sendmail sendmail switch 2.1.5

sendmail sendmail 8.10

sgi irix 6.5.19m

sendmail sendmail switch 3.0

sgi irix 6.5.20f

sendmail sendmail 8.9.3

sendmail sendmail switch 2.2.5

sendmail sendmail 8.12.0

sendmail sendmail 8.12.6

sendmail sendmail switch 3.0.1

sendmail sendmail 3.0.2

sendmail sendmail pro 8.9.3

sendmail sendmail 8.12.2

sendmail sendmail 3.0

sendmail sendmail 8.11.2

sendmail sendmail 3.0.1

sendmail sendmail 8.12.7

sendmail sendmail switch 2.2.4

sendmail sendmail switch 3.0.3

sgi irix 6.5.18m

sendmail sendmail 8.11.5

sendmail sendmail switch 2.1.4

sgi irix 6.5.16

freebsd freebsd 4.3

turbolinux turbolinux server 6.5

netbsd netbsd 1.5.3

freebsd freebsd 4.6

netbsd netbsd 1.6

apple mac os x 10.2.5

freebsd freebsd 3.0

hp hp-ux 11.11

compaq tru64 5.1 pk3 bl17

apple mac os x server 10.2.2

freebsd freebsd 5.1

apple mac os x server 10.2.4

netbsd netbsd 1.5

apple mac os x 10.2.1

freebsd freebsd 4.8

compaq tru64 5.1 pk4 bl18

turbolinux turbolinux workstation 6.0

freebsd freebsd 5.0

turbolinux turbolinux server 7.0

netbsd netbsd 1.6.1

compaq tru64 5.1b pk1 bl1

apple mac os x server 10.2.3

sun sunos 5.7

compaq tru64 4.0f pk6 bl17

compaq tru64 4.0g

freebsd freebsd 4.7

compaq tru64 4.0g pk3 bl17

compaq tru64 5.1a pk4 bl21

apple mac os x 10.2.4

freebsd freebsd 4.4

sun sunos 5.8

compaq tru64 4.0f pk8 bl22

ibm aix 5.2

sun solaris 9.0

gentoo linux 1.4

apple mac os x 10.2.2

hp hp-ux 11.00

gentoo linux 0.5

compaq tru64 5.1a pk3 bl3

compaq tru64 4.0f

turbolinux turbolinux workstation 7.0

netbsd netbsd 1.5.1

apple mac os x server 10.2.5

hp hp-ux 11.0.4

freebsd freebsd 4.9

sun solaris 7.0

hp hp-ux 11.22

ibm aix 4.3.3

compaq tru64 5.1 pk6 bl20

gentoo linux 1.1a

freebsd freebsd 4.5

netbsd netbsd 1.5.2

compaq tru64 5.1 pk5 bl19

apple mac os x server 10.2.6

turbolinux turbolinux workstation 8.0

netbsd netbsd 1.4.3

apple mac os x server 10.2

compaq tru64 5.1b pk2 bl22

compaq tru64 5.1a

freebsd freebsd 4.0

compaq tru64 4.0g pk4 bl22

apple mac os x server 10.2.1

compaq tru64 5.1a pk5 bl23

compaq tru64 5.1b

compaq tru64 5.1

gentoo linux 0.7

apple mac os x 10.2.6

gentoo linux 1.2

compaq tru64 5.1a pk2 bl2

turbolinux turbolinux server 6.1

turbolinux turbolinux advanced server 6.0

turbolinux turbolinux server 8.0

apple mac os x 10.2.3

compaq tru64 4.0f pk7 bl18

ibm aix 5.1

sun solaris 2.6

compaq tru64 5.1a pk1 bl1

apple mac os x 10.2

sun solaris 8.0

sun sunos -

Vendor Advisories

Two vulnerabilities were reported in sendmail. CAN-2003-0681: A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient, (2) final, or (3) mailer-specific envelope recipients, has unknown consequences. CAN-2003-0694: The prescan function in Sendmail 8.12.9 allows remote at ...

Github Repositories

CUMES - C Unrestricted Mail Exchange Server (under construction)

(!) UNDER CONSTRUCTION

CUMES is (or will be) a free and secure MTA, partially inspired by qmail.

Under construction

Unrestricted: CUMES is not Free, but with restrictions, Software, but MIT-Licensed. You can do (almost) everything with the code.

Motivation

Every few months, or even days, another security hole shows up in sendmail, p