National Vulnerability Database (NVD) National Vulnerability Database (CVE-2003-0694)

National Cyber-Alert System

Vulnerability Summary for CVE-2003-0694

Original release date:10/06/2003

Last revised:09/10/2008

Source: US-CERT/NIST

Overview

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

CERT/CC Advisory: CA-2003-25

Name: CA-2003-25

Type: Advisory; Patch Information

Hyperlink:http://www.cert.org/advisories/CA-2003-25.html

US-CERT Vulnerability Note: VU#784980

Name: VU#784980

Hyperlink:http://www.kb.cert.org/vuls/id/784980

External Source: CONFIRM

Name: http://www.sendmail.org/8.12.10.html

Type: Patch Information

Hyperlink:http://www.sendmail.org/8.12.10.html

External Source: REDHAT

Name: RHSA-2003:284

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-284.html

External Source: REDHAT

Name: RHSA-2003:283

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-283.html

External Source: DEBIAN

Name: DSA-384

Hyperlink:http://www.debian.org/security/2003/dsa-384

External Source: BUGTRAQ

Name: 20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106398718909274&w=2

External Source: BUGTRAQ

Name: 20030917 GLSA: sendmail (200309-13)

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106383437615742&w=2

External Source: BUGTRAQ

Name: 20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106382859407683&w=2

External Source: BUGTRAQ

Name: 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2

External Source: CONECTIVA

Name: CLA-2003:742

Hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742

External Source: VULNWATCH

Name: 20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug

Hyperlink:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html

External Source: FULLDISC

Name: 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]

Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html

External Source: SCO

Name: SCOSA-2004.11

Hyperlink:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt

External Source: MANDRAKE

Name: MDKSA-2003:092

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2003:092

US Government Resource: oval:org.mitre.oval:def:603

Name: oval:org.mitre.oval:def:603

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:603

US Government Resource: oval:org.mitre.oval:def:572

Name: oval:org.mitre.oval:def:572

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:572

US Government Resource: oval:org.mitre.oval:def:2975

Name: oval:org.mitre.oval:def:2975

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2975

Vulnerable software and versions

Configuration 1

* cpe:/a:sendmail:advanced_message_server:1.2

* cpe:/a:sendmail:advanced_message_server:1.3

* cpe:/a:sendmail:sendmail:2.6

* cpe:/a:sendmail:sendmail:2.6.1

* cpe:/a:sendmail:sendmail:2.6.2

* cpe:/a:sendmail:sendmail:3.0

* cpe:/a:sendmail:sendmail:3.0.1

* cpe:/a:sendmail:sendmail:3.0.2

* cpe:/a:sendmail:sendmail:3.0.3

* cpe:/a:sendmail:sendmail:8.10

* cpe:/a:sendmail:sendmail:8.10.1

* cpe:/a:sendmail:sendmail:8.10.2

* cpe:/a:sendmail:sendmail:8.11.0

* cpe:/a:sendmail:sendmail:8.11.1

* cpe:/a:sendmail:sendmail:8.11.2

* cpe:/a:sendmail:sendmail:8.11.3

* cpe:/a:sendmail:sendmail:8.11.4

* cpe:/a:sendmail:sendmail:8.11.5

* cpe:/a:sendmail:sendmail:8.11.6

* cpe:/a:sendmail:sendmail:8.12.0

* cpe:/a:sendmail:sendmail:8.12.1

* cpe:/a:sendmail:sendmail:8.12.2

* cpe:/a:sendmail:sendmail:8.12.3

* cpe:/a:sendmail:sendmail:8.12.4

* cpe:/a:sendmail:sendmail:8.12.5

* cpe:/a:sendmail:sendmail:8.12.6

* cpe:/a:sendmail:sendmail:8.12.7

* cpe:/a:sendmail:sendmail:8.12.8

* cpe:/a:sendmail:sendmail:8.12.9

* cpe:/a:sendmail:sendmail:8.12:beta10

* cpe:/a:sendmail:sendmail:8.12:beta12

* cpe:/a:sendmail:sendmail:8.12:beta16

* cpe:/a:sendmail:sendmail:8.12:beta5

* cpe:/a:sendmail:sendmail:8.12:beta7

* cpe:/a:sendmail:sendmail:8.8.8

* cpe:/a:sendmail:sendmail:8.9.0

* cpe:/a:sendmail:sendmail:8.9.1

* cpe:/a:sendmail:sendmail:8.9.2

* cpe:/a:sendmail:sendmail:8.9.3

* cpe:/a:sendmail:sendmail_pro:8.9.2

* cpe:/a:sendmail:sendmail_pro:8.9.3

* cpe:/a:sendmail:sendmail_switch:2.1

* cpe:/a:sendmail:sendmail_switch:2.1.1

* cpe:/a:sendmail:sendmail_switch:2.1.2

* cpe:/a:sendmail:sendmail_switch:2.1.3

* cpe:/a:sendmail:sendmail_switch:2.1.4

* cpe:/a:sendmail:sendmail_switch:2.1.5

* cpe:/a:sendmail:sendmail_switch:2.2

* cpe:/a:sendmail:sendmail_switch:2.2.1

* cpe:/a:sendmail:sendmail_switch:2.2.2

* cpe:/a:sendmail:sendmail_switch:2.2.3

* cpe:/a:sendmail:sendmail_switch:2.2.4

* cpe:/a:sendmail:sendmail_switch:2.2.5

* cpe:/a:sendmail:sendmail_switch:3.0

* cpe:/a:sendmail:sendmail_switch:3.0.1

* cpe:/a:sendmail:sendmail_switch:3.0.2

* cpe:/a:sendmail:sendmail_switch:3.0.3

* cpe:/o:sgi:irix:6.5.15

* cpe:/o:sgi:irix:6.5.16

* cpe:/o:sgi:irix:6.5.17f

* cpe:/o:sgi:irix:6.5.17m

* cpe:/o:sgi:irix:6.5.18f

* cpe:/o:sgi:irix:6.5.18m

* cpe:/o:sgi:irix:6.5.19f

* cpe:/o:sgi:irix:6.5.19m

* cpe:/o:sgi:irix:6.5.20f

* cpe:/o:sgi:irix:6.5.20m

* cpe:/o:sgi:irix:6.5.21f

* cpe:/o:sgi:irix:6.5.21m

Configuration 2

* cpe:/o:apple:mac_os_x:10.2

* cpe:/o:apple:mac_os_x:10.2.1

* cpe:/o:apple:mac_os_x:10.2.2

* cpe:/o:apple:mac_os_x:10.2.3

* cpe:/o:apple:mac_os_x:10.2.4

* cpe:/o:apple:mac_os_x:10.2.5

* cpe:/o:apple:mac_os_x:10.2.6

* cpe:/o:apple:mac_os_x_server:10.2

* cpe:/o:apple:mac_os_x_server:10.2.1

* cpe:/o:apple:mac_os_x_server:10.2.2

* cpe:/o:apple:mac_os_x_server:10.2.3

* cpe:/o:apple:mac_os_x_server:10.2.4

* cpe:/o:apple:mac_os_x_server:10.2.5

* cpe:/o:apple:mac_os_x_server:10.2.6

* cpe:/o:compaq:tru64:4.0f

* cpe:/o:compaq:tru64:4.0f_pk6_bl17

* cpe:/o:compaq:tru64:4.0f_pk7_bl18

* cpe:/o:compaq:tru64:4.0f_pk8_bl22

* cpe:/o:compaq:tru64:4.0g

* cpe:/o:compaq:tru64:4.0g_pk3_bl17

* cpe:/o:compaq:tru64:4.0g_pk4_bl22

* cpe:/o:compaq:tru64:5.1

* cpe:/o:compaq:tru64:5.1_pk3_bl17

* cpe:/o:compaq:tru64:5.1_pk4_bl18

* cpe:/o:compaq:tru64:5.1_pk5_bl19

* cpe:/o:compaq:tru64:5.1_pk6_bl20

* cpe:/o:compaq:tru64:5.1a

* cpe:/o:compaq:tru64:5.1a_pk1_bl1

* cpe:/o:compaq:tru64:5.1a_pk2_bl2

* cpe:/o:compaq:tru64:5.1a_pk3_bl3

* cpe:/o:compaq:tru64:5.1a_pk4_bl21

* cpe:/o:compaq:tru64:5.1a_pk5_bl23

* cpe:/o:compaq:tru64:5.1b

* cpe:/o:compaq:tru64:5.1b_pk1_bl1

* cpe:/o:compaq:tru64:5.1b_pk2_bl22

* cpe:/o:freebsd:freebsd:3.0:releng

* cpe:/o:freebsd:freebsd:4.0:releng

* cpe:/o:freebsd:freebsd:4.3:release_p38

* cpe:/o:freebsd:freebsd:4.3:releng

* cpe:/o:freebsd:freebsd:4.4:release_p42

* cpe:/o:freebsd:freebsd:4.4:releng

* cpe:/o:freebsd:freebsd:4.5:release_p32

* cpe:/o:freebsd:freebsd:4.5:releng

* cpe:/o:freebsd:freebsd:4.6:release_p20

* cpe:/o:freebsd:freebsd:4.6:releng

* cpe:/o:freebsd:freebsd:4.7:release_p17

* cpe:/o:freebsd:freebsd:4.7:releng

* cpe:/o:freebsd:freebsd:4.8:release_p6

* cpe:/o:freebsd:freebsd:4.8:releng

* cpe:/o:freebsd:freebsd:4.9:pre-release

* cpe:/o:freebsd:freebsd:5.0:release_p14

* cpe:/o:freebsd:freebsd:5.0:releng

* cpe:/o:freebsd:freebsd:5.1:release_p5

* cpe:/o:freebsd:freebsd:5.1:releng

* cpe:/o:gentoo:linux:0.5

* cpe:/o:gentoo:linux:0.7

* cpe:/o:gentoo:linux:1.1a

* cpe:/o:gentoo:linux:1.2

* cpe:/o:gentoo:linux:1.4:rc1

* cpe:/o:gentoo:linux:1.4:rc2

* cpe:/o:gentoo:linux:1.4:rc3

* cpe:/o:hp:hp-ux:11.0.4

* cpe:/o:hp:hp-ux:11.00

* cpe:/o:hp:hp-ux:11.11

* cpe:/o:hp:hp-ux:11.22

* cpe:/o:ibm:aix:4.3.3

* cpe:/o:ibm:aix:5.1

* cpe:/o:ibm:aix:5.2

* cpe:/o:netbsd:netbsd:1.4.3

* cpe:/o:netbsd:netbsd:1.5

* cpe:/o:netbsd:netbsd:1.5.1

* cpe:/o:netbsd:netbsd:1.5.2

* cpe:/o:netbsd:netbsd:1.5.3

* cpe:/o:netbsd:netbsd:1.5::sh3

* cpe:/o:netbsd:netbsd:1.5::x86

* cpe:/o:netbsd:netbsd:1.6

* cpe:/o:netbsd:netbsd:1.6.1

* cpe:/o:netbsd:netbsd:1.6:beta

* cpe:/o:sun:solaris:2.6

* cpe:/o:sun:solaris:2.6::x86

* cpe:/o:sun:solaris:7.0

* cpe:/o:sun:solaris:7.0::x86

* cpe:/o:sun:solaris:8.0

* cpe:/o:sun:solaris:8.0::x86

* cpe:/o:sun:solaris:9.0::sparc

* cpe:/o:sun:solaris:9.0::x86

* cpe:/o:turbolinux:turbolinux_advanced_server:6.0

* cpe:/o:turbolinux:turbolinux_server:6.1

* cpe:/o:turbolinux:turbolinux_server:6.5

* cpe:/o:turbolinux:turbolinux_server:7.0

* cpe:/o:turbolinux:turbolinux_server:8.0

* cpe:/o:turbolinux:turbolinux_workstation:6.0

* cpe:/o:turbolinux:turbolinux_workstation:7.0

* cpe:/o:turbolinux:turbolinux_workstation:8.0

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694