Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1337

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-1337
Last Modified 05 Sep 2008 04:30:19
Published 07 Mar 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1337

Summary

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

  • Hp-ux 10.10

  • Hp-ux 10.20

  • Hp-ux 11.0.4

  • Hp-ux 11.00

  • Hp-ux 11.11

  • Hp-ux 11.22

  • Netbsd 1.5

  • Netbsd 1.5.1

  • Netbsd 1.5.2

  • Netbsd 1.5.3

  • Netbsd 1.6

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Sun Solaris 9.0

  • Windriver Bsdos 4.2

  • Windriver Bsdos 4.3.1

  • Windriver Bsdos 5.0

  • Windriver Platform Sa 1.0

Application

  • Sendmail 2.6

  • Sendmail 2.6.1

  • Sendmail 3.0

  • Sendmail 3.0.1

  • Sendmail 3.0.2

  • Sendmail 5.59

  • Sendmail 5.61

  • Sendmail 5.65

  • Sendmail 8.10

  • Sendmail 8.10.1

  • Sendmail 8.10.2

  • Sendmail 8.11.0

  • Sendmail 8.11.1

  • Sendmail 8.11.2

  • Sendmail 8.11.3

  • Sendmail 8.11.4

  • Sendmail 8.11.5

  • Sendmail 8.11.6

  • Sendmail 8.12

  • Sendmail 8.12.0

  • Sendmail 8.12.1

  • Sendmail 8.12.2

  • Sendmail 8.12.3

  • Sendmail 8.12.4

  • Sendmail 8.12.5

  • Sendmail 8.12.6

  • Sendmail 8.12.7

  • Sendmail 8.8.8

  • Sendmail 8.9.0

  • Sendmail 8.9.1

  • Sendmail 8.9.2

  • Sendmail 8.9.3

  • Sendmail Advanced Message Server 1.2

  • Sendmail Advanced Message Server 1.3

  • Sendmail Switch 2.1

  • Sendmail Switch 2.1.1

  • Sendmail Switch 2.1.2

  • Sendmail Switch 2.1.3

  • Sendmail Switch 2.1.4

  • Sendmail Switch 2.2

  • Sendmail Switch 2.2.1

  • Sendmail Switch 2.2.2

  • Sendmail Switch 2.2.3

  • Sendmail Switch 2.2.4

  • Sendmail Switch 3.0

  • Sendmail Switch 3.0.1

  • Sendmail Switch 3.0.2

  • Sgi Freeware 1.0


References

CERT - CA-2003-07

CERT-VN - VU#398025

CONFIRM - http://www.sendmail.org/8.12.8.html

BID - 6991

ISS - 20030303 Remote Sendmail Header Processing Vulnerability

REDHAT - RHSA-2003:227

REDHAT - RHSA-2003:074

REDHAT - RHSA-2003:073

XF - sendmail-header-processing-bo(10748)

DEBIAN - DSA-257

AIXAPAR - IY40502

AIXAPAR - IY40501

AIXAPAR - IY40500

HP - HPSBUX0302-246

BUGTRAQ - 20030304 GLSA: sendmail (200303-4)

BUGTRAQ - 20030303 Fwd: APPLE-SA-2003-03-03 sendmail

BUGTRAQ - 20030304 [LSD] Technical analysis of the remote sendmail vulnerability

BUGTRAQ - 20030303 sendmail 8.12.8 available

MANDRAKE - MDKSA-2003:028

CONECTIVA - CLA-2003:571

SGI - 20030301-01-P

CALDERA - CSSA-2003-SCO.5

CALDERA - CSSA-2003-SCO.6

NETBSD - NetBSD-SA2003-002


Last Updated: 27 May 2016 10:37:16