First published: Fri Mar 07 2003(Updated: )
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sendmail | <8.9.3 | |
Sendmail | >=8.10.0<8.11.6 | |
Sendmail | >=8.12.0<8.12.8 | |
HP AlphaServer SC | ||
Gentoo Linux | =1.4-rc1 | |
Gentoo Linux | =1.4-rc2 | |
HPE HP-UX | =10.10 | |
HPE HP-UX | =10.20 | |
HPE HP-UX | =11.00 | |
HPE HP-UX | =11.0.4 | |
HPE HP-UX | =11.11 | |
HPE HP-UX | =11.22 | |
NetBSD current | =1.5 | |
NetBSD current | =1.5.1 | |
NetBSD current | =1.5.2 | |
NetBSD current | =1.5.3 | |
NetBSD current | =1.6 | |
Oracle Solaris and Zettabyte File System (ZFS) | =2.6 | |
Oracle Solaris and Zettabyte File System (ZFS) | =7.0 | |
Oracle Solaris and Zettabyte File System (ZFS) | =8 | |
Oracle Solaris and Zettabyte File System (ZFS) | =9 | |
Sun SunOS | ||
Sun SunOS | =5.7 | |
Sun SunOS | =5.8 | |
Wind River BSD OS | =4.2 | |
Wind River BSD OS | =4.3.1 | |
Wind River BSD OS | =5.0 | |
Wind River Platform SA | =1.0 | |
Sendmail | =2.1.2 | |
Sendmail | =3.0.2 | |
Sendmail | =2.2.2 | |
Sendmail | =8.9.2 | |
Sendmail | =2.1.1 | |
Sendmail | =8.11.4 | |
Sendmail | =8.8.8 | |
Sendmail | =2.6.1 | |
Sendmail | =8.12-beta16 | |
Sendmail | =8.11.1 | |
Sendmail | =8.11.0 | |
Sendmail | =2.1.3 | |
Sendmail | =8.12.3 | |
Sendmail | =2.6 | |
Sendmail | =8.11.3 | |
Sendmail | =2.2.1 | |
Sendmail | =1.3 | |
Sendmail | =5.59 | |
Sendmail | =5.61 | |
Sendmail | =8.9.1 | |
Sendmail | =3.0.1 | |
Sendmail | =1.2 | |
Sendmail | =2.2 | |
Sendmail | =8.10.2 | |
Sendmail | =8.12.4 | |
Sendmail | =8.12-beta12 | |
Sendmail | =8.9.0 | |
Sendmail | =8.10.1 | |
Sendmail | =2.1 | |
Sendmail | =8.12.1 | |
Sendmail | =5.65 | |
Sendmail | =8.11.6 | |
Sendmail | =8.12.5 | |
Sendmail | =2.2.3 | |
Sendmail | =8.10 | |
Sendmail | =3.0 | |
Sendmail | =3.0 | |
Sendmail | =8.12-beta7 | |
Sendmail | =8.9.3 | |
Sendmail | =8.12.0 | |
Sendmail | =8.12-beta5 | |
Sendmail | =8.12.6 | |
SGI Freeware | =1.0 | |
Sendmail | =3.0.1 | |
Sendmail | =3.0.2 | |
Sendmail | =8.12-beta10 | |
Sendmail | =8.12.2 | |
Sendmail | =8.11.2 | |
Sendmail | =8.12.7 | |
Sendmail | =2.2.4 | |
Sendmail | =8.11.5 | |
Sendmail | =2.1.4 | |
SunOS | =5.7 | |
SunOS | =5.8 | |
Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
Oracle Solaris and Zettabyte File System (ZFS) | =7.0 | |
Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
Oracle Solaris and Zettabyte File System (ZFS) | =2.6 | |
Oracle Solaris and Zettabyte File System (ZFS) | =8.0 | |
SunOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2002-1337 is considered high due to its potential to allow remote attackers to execute arbitrary code.
To fix CVE-2002-1337, update Sendmail to a version later than 8.12.8, or apply the appropriate patches provided by the vendor.
CVE-2002-1337 affects Sendmail versions from 5.79 to 8.12.7 inclusive.
Yes, CVE-2002-1337 can be exploited remotely through specially crafted email messages manipulating address fields.
CVE-2002-1337 is a buffer overflow vulnerability, which can lead to arbitrary code execution.