CVE-2002-1337
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
Low
0.902 High
EPSS
Percentile
98.8%
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| sendmail:sendmail | sendmail | lt | 8.9.3 |
| sendmail:sendmail | sendmail | lt | 8.11.6 |
| sendmail:sendmail | sendmail | lt | 8.12.8 |
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
marc.info/?l=bugtraq&m=104673778105192&w=2
marc.info/?l=bugtraq&m=104678739608479&w=2
marc.info/?l=bugtraq&m=104678862109841&w=2
marc.info/?l=bugtraq&m=104678862409849&w=2
marc.info/?l=bugtraq&m=104679411316818&w=2
www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
www.cert.org/advisories/CA-2003-07.html
www.debian.org/security/2003/dsa-257
www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
www.iss.net/security_center/static/10748.php
www.kb.cert.org/vuls/id/398025
www.redhat.com/support/errata/RHSA-2003-073.html
www.redhat.com/support/errata/RHSA-2003-074.html
www.redhat.com/support/errata/RHSA-2003-227.html
www.securityfocus.com/bid/6991
www.sendmail.org/8.12.8.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
Low
0.902 High
EPSS
Percentile
98.8%