Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-384
HistorySep 17, 2003 - 12:00 a.m.

sendmail - buffer overflows

2003-09-1700:00:00
Google
osv.dev
5

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.057 Low

EPSS

Percentile

93.3%

JSON

Two vulnerabilities were reported in sendmail.

A “potential buffer overflow in ruleset parsing” for Sendmail
8.12.9, when using the nonstandard rulesets (1) recipient (2),
final, or (3) mailer-specific envelope recipients, has unknown
consequences.

The prescan function in Sendmail 8.12.9 allows remote attackers to
execute arbitrary code via buffer overflow attacks, as demonstrated
using the parseaddr function in parseaddr.c.

For the stable distribution (woody) these problems have been fixed in
sendmail version 8.12.3-6.6 and sendmail-wide version
8.12.3+3.5Wbeta-5.5.

For the unstable distribution (sid) these problems have been fixed in
sendmail version 8.12.10-1.

We recommend that you update your sendmail package.

Related

nessus 12
openvas 5
cert 1
debian 1
cve 2
nvd 2
redhat 1
cvelist 2
ubuntucve 2
debiancve 2
suse 1
nessus
nessus
Debian DSA-384-1 : sendmail - buffer overflows
2004-09-29 00:00:00
HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
2005-02-16 00:00:00
HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
2005-02-16 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-384)
2008-01-17 00:00:00
Debian Security Advisory DSA 384-1 (sendmail)
2008-01-17 00:00:00
HP-UX Update for sendmail HPSBUX00281
2009-05-05 00:00:00
cert
cert
Sendmail prescan() buffer overflow vulnerability
2003-09-17 00:00:00
debian
debian
[SECURITY] [DSA-384-1] New sendmail packages fix buffer overflows
2003-09-17 00:00:00
cve
cve
CVE-2003-0681
2003-10-06 04:00:00
CVE-2003-0694
2003-10-06 04:00:00
nvd
nvd
CVE-2003-0681
2003-10-06 04:00:00
CVE-2003-0694
2003-10-06 04:00:00
redhat
redhat
(RHSA-2003:284) sendmail security update
2003-09-17 00:00:00
cvelist
cvelist
CVE-2003-0694
2003-09-18 04:00:00
CVE-2003-0681
2003-09-18 04:00:00
ubuntucve
ubuntucve
CVE-2003-0694
2003-10-06 00:00:00
CVE-2003-0681
2003-10-06 00:00:00
debiancve
debiancve
CVE-2003-0681
2003-10-06 04:00:00
CVE-2003-0694
2003-10-06 04:00:00
suse
suse
local/remote privilege escalation in sendmail, sendmail-tls
2003-09-20 16:11:37

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.057 Low

EPSS

Percentile

93.3%

JSON
Related for OSV:DSA-384
nessus12openvas5cert1debian1cve2nvd2redhat1cvelist2ubuntucve2debiancve2suse1