CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc	Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6	Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5	Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P	Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571	Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028	Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2	Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only	Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only	Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only	Broken Link
http://www.cert.org/advisories/CA-2003-07.html	Broken Link Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-257	Broken Link
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950	Broken Link Patch Vendor Advisory
http://www.iss.net/security_center/static/10748.php	Broken Link
http://www.kb.cert.org/vuls/id/398025	Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-073.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2003-074.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2003-227.html	Broken Link
http://www.securityfocus.com/bid/6991	Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.sendmail.org/8.12.8.html	Broken Link Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sendmail:sendmail::::::::
	cpe:2.3:a:sendmail:sendmail::::::::
	cpe:2.3:a:sendmail:sendmail::::::::

Configuration 2 (hide)

OR	cpe:2.3:h:hp:alphaserver_sc::::::::
	cpe:2.3:o:gentoo:linux:1.4:rc1::::::
	cpe:2.3:o:gentoo:linux:1.4:rc2::::::
	cpe:2.3:o:hp:hp-ux:10.10:::::::*
	cpe:2.3:o:hp:hp-ux:10.20:::::::*
	cpe:2.3:o:hp:hp-ux:11.00:::::::*
	cpe:2.3:o:hp:hp-ux:11.0.4:::::::*
	cpe:2.3:o:hp:hp-ux:11.11:::::::*
	cpe:2.3:o:hp:hp-ux:11.22:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.2:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.3:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6:::::::*
	cpe:2.3:o:oracle:solaris:2.6:::::::*
	cpe:2.3:o:oracle:solaris:7.0:::::::*
	cpe:2.3:o:oracle:solaris:8:::::::*
	cpe:2.3:o:oracle:solaris:9:::::::*
	cpe:2.3:o:sun:sunos:-:::::::*
	cpe:2.3:o:sun:sunos:5.7:::::::*
	cpe:2.3:o:sun:sunos:5.8:::::::*
	cpe:2.3:o:windriver:bsdos:4.2:::::::*
	cpe:2.3:o:windriver:bsdos:4.3.1:::::::*
	cpe:2.3:o:windriver:bsdos:5.0:::::::*
	cpe:2.3:o:windriver:platform_sa:1.0:::::::*

History

No history.

Information

Published : 2003-03-07 05:00

Updated : 2024-02-09 03:19

NVD link : CVE-2002-1337

Mitre link : CVE-2002-1337

CVE.ORG link : CVE-2002-1337

JSON object : View

Products Affected

windriver

bsdos
platform_sa

hp-ux
alphaserver_sc

sendmail

sendmail

sun

sunos

netbsd

netbsd

gentoo

linux

oracle

solaris

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

10.0 /10