Sendmail < 8.12.10 prescan() Function Remote Overflow

2003-09-1700:00:00

www.tenable.com

111

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.052

Percentile

93.1%

JSON

According to its version number, the remote Sendmail server is between 5.79 to 8.12.9. Such versions are reportedly vulnerable to remote buffer overflow attacks, one in the ‘prescan()’ function and another involving its ruleset processing. A remote user may be able to leverage these issues to gain root privileges.

#
# (C) Tenable Network Security, Inc.
#
# Ref:
#  Date: Wed, 17 Sep 2003 11:19:46 +0200 (CEST)
#  From: Michal Zalewski <[email protected]>
#  To: [email protected], <[email protected]>,
#      <[email protected]>
#       Subject: Sendmail 8.12.9 prescan bug (a new one) [CVE-2003-0694]

include("compat.inc");

if (description)
{
  script_id(11838);
  script_version("1.38");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id("CVE-2003-0681", "CVE-2003-0694");
  script_bugtraq_id(8641, 8649);
  script_xref(name:"CERT", value:"108964");
  script_xref(name:"RHSA", value:"2003:283");
  script_xref(name:"SuSE", value:"SUSE-SA");

  script_name(english:"Sendmail < 8.12.10 prescan() Function Remote Overflow");
  script_summary(english:"Checks the version number");

  script_set_attribute(attribute:"synopsis", value:
"The remote mail server is prone to multiple buffer overflow attacks.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the remote Sendmail server is
between 5.79 to 8.12.9.  Such versions are reportedly vulnerable to
remote buffer overflow attacks, one in the 'prescan()' function and
another involving its ruleset processing.  A remote user may be able
to leverage these issues to gain root privileges.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2003/Sep/857");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Sendmail version 8.12.10 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2003-0694");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/09/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SMTP problems");

  script_dependencies("sendmail_detect.nbin");
  script_require_keys("installed_sw/Sendmail");
  exit(0);
}

include("vcf.inc");

app_info = vcf::get_app_info(app:"Sendmail");

constraints = [{ "min_version" : "5.79", "fixed_version" : "8.12.10" }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);