CVE-2002-1337: Buffer Overflow
First published: Fri Mar 07 2003(Updated: )
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sendmail Sendmail | <8.9.3 | |
| Sendmail Sendmail | >=8.10.0<8.11.6 | |
| Sendmail Sendmail | >=8.12.0<8.12.8 | |
| Hp Alphaserver Sc | ||
| Gentoo Linux | =1.4-rc1 | |
| Gentoo Linux | =1.4-rc2 | |
| HP HP-UX | =10.10 | |
| HP HP-UX | =10.20 | |
| HP HP-UX | =11.00 | |
| HP HP-UX | =11.0.4 | |
| HP HP-UX | =11.11 | |
| HP HP-UX | =11.22 | |
| NetBSD NetBSD | =1.5 | |
| NetBSD NetBSD | =1.5.1 | |
| NetBSD NetBSD | =1.5.2 | |
| NetBSD NetBSD | =1.5.3 | |
| NetBSD NetBSD | =1.6 | |
| Oracle Solaris | =2.6 | |
| Oracle Solaris | =7.0 | |
| Oracle Solaris | =8 | |
| Oracle Solaris | =9 | |
| Sun SunOS | ||
| Sun SunOS | =5.7 | |
| Sun SunOS | =5.8 | |
| Windriver Bsdos | =4.2 | |
| Windriver Bsdos | =4.3.1 | |
| Windriver Bsdos | =5.0 | |
| Windriver Platform Sa | =1.0 | |
| Sendmail Advanced Message Server | =1.2 | |
| Sendmail Advanced Message Server | =1.3 | |
| Sendmail Sendmail | =2.6 | |
| Sendmail Sendmail | =2.6.1 | |
| Sendmail Sendmail | =3.0 | |
| Sendmail Sendmail | =3.0.1 | |
| Sendmail Sendmail | =3.0.2 | |
| Sendmail Sendmail | =5.59 | |
| Sendmail Sendmail | =5.61 | |
| Sendmail Sendmail | =5.65 | |
| Sendmail Sendmail | =8.8.8 | |
| Sendmail Sendmail | =8.9.0 | |
| Sendmail Sendmail | =8.9.1 | |
| Sendmail Sendmail | =8.9.2 | |
| Sendmail Sendmail | =8.9.3 | |
| Sendmail Sendmail | =8.10 | |
| Sendmail Sendmail | =8.10.1 | |
| Sendmail Sendmail | =8.10.2 | |
| Sendmail Sendmail | =8.11.0 | |
| Sendmail Sendmail | =8.11.1 | |
| Sendmail Sendmail | =8.11.2 | |
| Sendmail Sendmail | =8.11.3 | |
| Sendmail Sendmail | =8.11.4 | |
| Sendmail Sendmail | =8.11.5 | |
| Sendmail Sendmail | =8.11.6 | |
| Sendmail Sendmail | =8.12-beta10 | |
| Sendmail Sendmail | =8.12-beta12 | |
| Sendmail Sendmail | =8.12-beta16 | |
| Sendmail Sendmail | =8.12-beta5 | |
| Sendmail Sendmail | =8.12-beta7 | |
| Sendmail Sendmail | =8.12.0 | |
| Sendmail Sendmail | =8.12.1 | |
| Sendmail Sendmail | =8.12.2 | |
| Sendmail Sendmail | =8.12.3 | |
| Sendmail Sendmail | =8.12.4 | |
| Sendmail Sendmail | =8.12.5 | |
| Sendmail Sendmail | =8.12.6 | |
| Sendmail Sendmail | =8.12.7 | |
| Sendmail Sendmail Switch | =2.1 | |
| Sendmail Sendmail Switch | =2.1.1 | |
| Sendmail Sendmail Switch | =2.1.2 | |
| Sendmail Sendmail Switch | =2.1.3 | |
| Sendmail Sendmail Switch | =2.1.4 | |
| Sendmail Sendmail Switch | =2.2 | |
| Sendmail Sendmail Switch | =2.2.1 | |
| Sendmail Sendmail Switch | =2.2.2 | |
| Sendmail Sendmail Switch | =2.2.3 | |
| Sendmail Sendmail Switch | =2.2.4 | |
| Sendmail Sendmail Switch | =3.0 | |
| Sendmail Sendmail Switch | =3.0.1 | |
| Sendmail Sendmail Switch | =3.0.2 | |
| Sgi Freeware | =1.0 | |
| Sun Solaris | =2.6 | |
| Sun Solaris | =7.0 | |
| Sun Solaris | =8.0 | |
| Sun Solaris | =9.0 | |
| Sun Solaris | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
- http://www.sendmail.org/8.12.8.html
- http://www.cert.org/advisories/CA-2003-07.html
- http://www.securityfocus.com/bid/6991
- http://www.redhat.com/support/errata/RHSA-2003-073.html
- http://www.redhat.com/support/errata/RHSA-2003-074.html
- http://www.redhat.com/support/errata/RHSA-2003-227.html
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
- http://www.debian.org/security/2003/dsa-257
- http://www.kb.cert.org/vuls/id/398025
- http://www.iss.net/security_center/static/10748.php
- http://marc.info/?l=bugtraq&m=104679411316818&w=2
- http://marc.info/?l=bugtraq&m=104678739608479&w=2
- http://marc.info/?l=bugtraq&m=104678862109841&w=2
- http://marc.info/?l=bugtraq&m=104673778105192&w=2
- http://marc.info/?l=bugtraq&m=104678862409849&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/event
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- vendor/sendmail
- product/sendmail switch
- canonical/sendmail sendmail switch
- product/sendmail
- canonical/sendmail sendmail
- product/advanced message server
- canonical/sendmail advanced message server
- vendor/sgi
- product/freeware
- canonical/sgi freeware
- vendor/netbsd
- product/netbsd
- canonical/netbsd netbsd
- vendor/hp
- product/hp-ux
- canonical/hp hp-ux
- vendor/windriver
- product/bsdos
- canonical/windriver bsdos
- vendor/sun
- product/sunos
- canonical/sun sunos
- product/solaris
- canonical/sun solaris
- vendor/gentoo
- product/linux
- canonical/gentoo linux
- product/platform sa
- canonical/windriver platform sa
- product/alphaserver sc
- canonical/hp alphaserver sc
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/sendmail sendmail/8.10.0
- version/sendmail sendmail/8.12.0
- version/gentoo linux/1.4-rc1
- version/gentoo linux/1.4-rc2
- version/hp hp-ux/10.10
- version/hp hp-ux/10.20
- version/hp hp-ux/11.00
- version/hp hp-ux/11.0.4
- version/hp hp-ux/11.11
- version/hp hp-ux/11.22
- version/netbsd netbsd/1.5
- version/netbsd netbsd/1.5.1
- version/netbsd netbsd/1.5.2
- version/netbsd netbsd/1.5.3
- version/netbsd netbsd/1.6
- vendor/oracle
- canonical/oracle solaris
- version/oracle solaris/2.6
- version/oracle solaris/7.0
- version/oracle solaris/8
- version/oracle solaris/9
- version/sun sunos/5.7
- version/sun sunos/5.8
- version/windriver bsdos/4.2
- version/windriver bsdos/4.3.1
- version/windriver bsdos/5.0
- version/windriver platform sa/1.0
- version/sendmail advanced message server/1.2
- version/sendmail advanced message server/1.3
- version/sendmail sendmail/2.6
- version/sendmail sendmail/2.6.1
- version/sendmail sendmail/3.0
- version/sendmail sendmail/3.0.1
- version/sendmail sendmail/3.0.2
- version/sendmail sendmail/5.59
- version/sendmail sendmail/5.61
- version/sendmail sendmail/5.65
- version/sendmail sendmail/8.8.8
- version/sendmail sendmail/8.9.0
- version/sendmail sendmail/8.9.1
- version/sendmail sendmail/8.9.2
- version/sendmail sendmail/8.9.3
- version/sendmail sendmail/8.10
- version/sendmail sendmail/8.10.1
- version/sendmail sendmail/8.10.2
- version/sendmail sendmail/8.11.0
- version/sendmail sendmail/8.11.1
- version/sendmail sendmail/8.11.2
- version/sendmail sendmail/8.11.3
- version/sendmail sendmail/8.11.4
- version/sendmail sendmail/8.11.5
- version/sendmail sendmail/8.11.6
- version/sendmail sendmail/8.12-beta10
- version/sendmail sendmail/8.12-beta12
- version/sendmail sendmail/8.12-beta16
- version/sendmail sendmail/8.12-beta5
- version/sendmail sendmail/8.12-beta7
- version/sendmail sendmail/8.12.1
- version/sendmail sendmail/8.12.2
- version/sendmail sendmail/8.12.3
- version/sendmail sendmail/8.12.4
- version/sendmail sendmail/8.12.5
- version/sendmail sendmail/8.12.6
- version/sendmail sendmail/8.12.7
- version/sendmail sendmail switch/2.1
- version/sendmail sendmail switch/2.1.1
- version/sendmail sendmail switch/2.1.2
- version/sendmail sendmail switch/2.1.3
- version/sendmail sendmail switch/2.1.4
- version/sendmail sendmail switch/2.2
- version/sendmail sendmail switch/2.2.1
- version/sendmail sendmail switch/2.2.2
- version/sendmail sendmail switch/2.2.3
- version/sendmail sendmail switch/2.2.4
- version/sendmail sendmail switch/3.0
- version/sendmail sendmail switch/3.0.1
- version/sendmail sendmail switch/3.0.2
- version/sgi freeware/1.0
- version/sun solaris/2.6
- version/sun solaris/7.0
- version/sun solaris/8.0
- version/sun solaris/9.0