Lucene search
GoogleOSV:DSA-257HistoryMar 04, 2003 - 12:00 a.m.
sendmail - remote exploit
2003-03-0400:00:00
Google
osv.dev
17
0.902 High
EPSS
Percentile
98.8%
Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer overflow when encountering
addresses with very long comments. Since sendmail also parses headers
when forwarding emails this vulnerability can hit mail-servers which do
not deliver the email as well.
This has been fixed in upstream release 8.12.8, version 8.12.3-5 of
the package for Debian GNU/Linux 3.0/woody and version 8.9.3-25 of the
package for Debian GNU/Linux 2.2/potato.
DSA-257-2: Updated sendmail-wide packages are available in package
version 8.9.3+3.2W-24 for Debian 2.2 (potato) and
version 8.12.3+3.5Wbeta-5.2 for Debian 3.0 (woody).
References
Related
openvas
openvas
Debian Security Advisory DSA 257-1 (sendmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 257-1 (sendmail)
2008-01-17 00:00:00
HP-UX Update for sendmail HPSBUX00246
2009-05-05 00:00:00
nvd
nvd
CVE-2002-1337
2003-03-07 05:00:00
CVE-2003-0161
2003-04-02 05:00:00
cert
cert
Remote Buffer Overflow in Sendmail
2003-03-03 00:00:00
nessus
nessus
Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow
2003-03-03 00:00:00
Mandrake Linux Security Advisory : sendmail (MDKSA-2003:028)
2004-07-31 00:00:00
AIX 5.1 : IY40501
2004-09-01 00:00:00
redhat
redhat
(RHSA-2003:074) sendmail security update
2003-03-12 00:00:00
debiancve
debiancve
CVE-2002-1337
2004-09-01 04:00:00
CVE-2003-0161
2003-04-02 05:00:00
cve
cve
CVE-2002-1337
2004-09-01 04:00:00
CVE-2003-0161
2003-04-02 05:00:00
suse
suse
local privilege escalation in sendmail, sendmail-tls
2003-03-03 19:19:15
checkpoint_advisories
checkpoint_advisories
Sendmail Header Processing Buffer Overflow (CVE-2002-1337)
2009-12-13 00:00:00
cvelist
cvelist
CVE-2002-1337
2004-09-01 04:00:00
CVE-2003-0161
2003-04-01 05:00:00