[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251782

 
 

909

 
 

196543

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2003-0161Date: (C)2003-04-02   (M)2023-12-22


The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SUNALERT-1001088
http://marc.info/?l=bugtraq&m=104897487512238&w=2
http://marc.info/?l=bugtraq&m=104896621106790&w=2
http://marc.info/?l=bugtraq&m=104914999806315&w=2
http://www.securityfocus.com/archive/1/archive/1/316961/30/25250/threaded
20030401-01-P
http://www.securityfocus.com/archive/1/321997
SUNALERT-52620
SUNALERT-52700
BID-7230
CA-2003-12
CLA-2003:614
CSSA-2003-016.0
DSA-278
DSA-290
FreeBSD-SA-03:07
GLSA-200303-27
IMNX-2003-7+-002-01
RHSA-2003:120
RHSA-2003:121
SCOSA-2004.11
VU#897604
http://lists.apple.com/mhonarc/security-announce/msg00028.html

CPE    84
cpe:/a:sendmail:sendmail:8.12.0
cpe:/o:compaq:tru64:5.1a
cpe:/o:compaq:tru64:5.1b
cpe:/o:compaq:tru64:5.0a_pk3_bl17
...

© SecPod Technologies