CVE-2002-1337: Buffer Overflow
First published: Fri Mar 07 2003(Updated: )
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sendmail Sendmail | <8.9.3 | |
| Sendmail Sendmail | >=8.10.0<8.11.6 | |
| Sendmail Sendmail | >=8.12.0<8.12.8 | |
| HP AlphaServer SC | ||
| Gentoo Linux | =1.4-rc1 | |
| Gentoo Linux | =1.4-rc2 | |
| HPE HP-UX | =10.10 | |
| HPE HP-UX | =10.20 | |
| HPE HP-UX | =11.00 | |
| HPE HP-UX | =11.0.4 | |
| HPE HP-UX | =11.11 | |
| HPE HP-UX | =11.22 | |
| NetBSD NetBSD | =1.5 | |
| NetBSD NetBSD | =1.5.1 | |
| NetBSD NetBSD | =1.5.2 | |
| NetBSD NetBSD | =1.5.3 | |
| NetBSD NetBSD | =1.6 | |
| Oracle Solaris SPARC | =2.6 | |
| Oracle Solaris SPARC | =7.0 | |
| Oracle Solaris SPARC | =8 | |
| Oracle Solaris SPARC | =9 | |
| Sun SunOS | ||
| Sun SunOS | =5.7 | |
| Sun SunOS | =5.8 | |
| windriver bsdos | =4.2 | |
| windriver bsdos | =4.3.1 | |
| windriver bsdos | =5.0 | |
| windriver platform sa | =1.0 | |
| Sendmail | =2.1.2 | |
| Sendmail | =3.0.2 | |
| Sendmail | =2.2.2 | |
| Sendmail Sendmail | =8.9.2 | |
| Sendmail | =2.1.1 | |
| Sendmail Sendmail | =8.11.4 | |
| Sendmail Sendmail | =8.8.8 | |
| Sendmail Sendmail | =2.6.1 | |
| Sendmail Sendmail | =8.12-beta16 | |
| Sendmail Sendmail | =8.11.1 | |
| Sendmail Sendmail | =8.11.0 | |
| Sendmail | =2.1.3 | |
| Sendmail Sendmail | =8.12.3 | |
| Sendmail Sendmail | =2.6 | |
| Sendmail Sendmail | =8.11.3 | |
| Sendmail | =2.2.1 | |
| Sendmail | =1.3 | |
| Sendmail Sendmail | =5.59 | |
| Sendmail Sendmail | =5.61 | |
| Sendmail Sendmail | =8.9.1 | |
| Sendmail Sendmail | =3.0.1 | |
| Sendmail | =1.2 | |
| Sendmail | =2.2 | |
| Sendmail Sendmail | =8.10.2 | |
| Sendmail Sendmail | =8.12.4 | |
| Sendmail Sendmail | =8.12-beta12 | |
| Sendmail Sendmail | =8.9.0 | |
| Sendmail Sendmail | =8.10.1 | |
| Sendmail | =2.1 | |
| Sendmail Sendmail | =8.12.1 | |
| Sendmail Sendmail | =5.65 | |
| Sendmail Sendmail | =8.11.6 | |
| Sendmail Sendmail | =8.12.5 | |
| Sendmail | =2.2.3 | |
| Sendmail Sendmail | =8.10 | |
| Sendmail | =3.0 | |
| Sendmail Sendmail | =3.0 | |
| Sendmail Sendmail | =8.12-beta7 | |
| Sendmail Sendmail | =8.9.3 | |
| Sendmail Sendmail | =8.12.0 | |
| Sendmail Sendmail | =8.12-beta5 | |
| Sendmail Sendmail | =8.12.6 | |
| SGI Freeware | =1.0 | |
| Sendmail | =3.0.1 | |
| Sendmail Sendmail | =3.0.2 | |
| Sendmail Sendmail | =8.12-beta10 | |
| Sendmail Sendmail | =8.12.2 | |
| Sendmail Sendmail | =8.11.2 | |
| Sendmail Sendmail | =8.12.7 | |
| Sendmail | =2.2.4 | |
| Sendmail Sendmail | =8.11.5 | |
| Sendmail | =2.1.4 | |
| Oracle Solaris SPARC | =9.0 | |
| Oracle Solaris SPARC | =7.0 | |
| Oracle Solaris SPARC | =9.0 | |
| Oracle Solaris SPARC | =2.6 | |
| Oracle Solaris SPARC | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
- http://www.sendmail.org/8.12.8.html
- http://www.cert.org/advisories/CA-2003-07.html
- http://www.securityfocus.com/bid/6991
- http://www.redhat.com/support/errata/RHSA-2003-073.html
- http://www.redhat.com/support/errata/RHSA-2003-074.html
- http://www.redhat.com/support/errata/RHSA-2003-227.html
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
- http://www.debian.org/security/2003/dsa-257
- http://www.kb.cert.org/vuls/id/398025
- http://www.iss.net/security_center/static/10748.php
- http://marc.info/?l=bugtraq&m=104679411316818&w=2
- http://marc.info/?l=bugtraq&m=104678739608479&w=2
- http://marc.info/?l=bugtraq&m=104678862109841&w=2
- http://marc.info/?l=bugtraq&m=104673778105192&w=2
- http://marc.info/?l=bugtraq&m=104678862409849&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
Frequently Asked Questions
What is the severity of CVE-2002-1337?
The severity of CVE-2002-1337 is considered high due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2002-1337?
To fix CVE-2002-1337, update Sendmail to a version later than 8.12.8, or apply the appropriate patches provided by the vendor.
What versions of Sendmail are affected by CVE-2002-1337?
CVE-2002-1337 affects Sendmail versions from 5.79 to 8.12.7 inclusive.
Can CVE-2002-1337 be exploited remotely?
Yes, CVE-2002-1337 can be exploited remotely through specially crafted email messages manipulating address fields.
What type of vulnerability is CVE-2002-1337?
CVE-2002-1337 is a buffer overflow vulnerability, which can lead to arbitrary code execution.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-historical
- vendor/sendmail
- product/sendmail switch
- canonical/sendmail sendmail switch
- product/sendmail
- canonical/sendmail sendmail
- product/advanced message server
- canonical/sendmail advanced message server
- vendor/sgi
- product/freeware
- canonical/sgi freeware
- vendor/netbsd
- product/netbsd
- canonical/netbsd netbsd
- vendor/hp
- product/hp-ux
- canonical/hp hp-ux
- vendor/windriver
- product/bsdos
- canonical/windriver bsdos
- vendor/sun
- product/sunos
- canonical/sun sunos
- product/solaris
- canonical/sun solaris
- vendor/gentoo
- product/linux
- canonical/gentoo linux
- product/platform sa
- canonical/windriver platform sa
- product/alphaserver sc
- canonical/hp alphaserver sc
- collector/nvd-index
- version/sendmail sendmail/8.10.0
- version/sendmail sendmail/8.12.0
- version/gentoo linux/1.4-rc1
- version/gentoo linux/1.4-rc2
- canonical/hpe hp-ux
- version/hpe hp-ux/10.10
- version/hpe hp-ux/10.20
- version/hpe hp-ux/11.00
- version/hpe hp-ux/11.0.4
- version/hpe hp-ux/11.11
- version/hpe hp-ux/11.22
- version/netbsd netbsd/1.5
- version/netbsd netbsd/1.5.1
- version/netbsd netbsd/1.5.2
- version/netbsd netbsd/1.5.3
- version/netbsd netbsd/1.6
- vendor/oracle
- canonical/oracle solaris sparc
- version/oracle solaris sparc/2.6
- version/oracle solaris sparc/7.0
- version/oracle solaris sparc/8
- version/oracle solaris sparc/9
- version/sun sunos/5.7
- version/sun sunos/5.8
- version/windriver bsdos/4.2
- version/windriver bsdos/4.3.1
- version/windriver bsdos/5.0
- version/windriver platform sa/1.0
- canonical/sendmail
- version/sendmail/2.1.2
- version/sendmail/3.0.2
- version/sendmail/2.2.2
- version/sendmail sendmail/8.9.2
- version/sendmail/2.1.1
- version/sendmail sendmail/8.11.4
- version/sendmail sendmail/8.8.8
- version/sendmail sendmail/2.6.1
- version/sendmail sendmail/8.12-beta16
- version/sendmail sendmail/8.11.1
- version/sendmail sendmail/8.11.0
- version/sendmail/2.1.3
- version/sendmail sendmail/8.12.3
- version/sendmail sendmail/2.6
- version/sendmail sendmail/8.11.3
- version/sendmail/2.2.1
- version/sendmail/1.3
- version/sendmail sendmail/5.59
- version/sendmail sendmail/5.61
- version/sendmail sendmail/8.9.1
- version/sendmail sendmail/3.0.1
- version/sendmail/1.2
- version/sendmail/2.2
- version/sendmail sendmail/8.10.2
- version/sendmail sendmail/8.12.4
- version/sendmail sendmail/8.12-beta12
- version/sendmail sendmail/8.9.0
- version/sendmail sendmail/8.10.1
- version/sendmail/2.1
- version/sendmail sendmail/8.12.1
- version/sendmail sendmail/5.65
- version/sendmail sendmail/8.11.6
- version/sendmail sendmail/8.12.5
- version/sendmail/2.2.3
- version/sendmail sendmail/8.10
- version/sendmail/3.0
- version/sendmail sendmail/3.0
- version/sendmail sendmail/8.12-beta7
- version/sendmail sendmail/8.9.3
- version/sendmail sendmail/8.12-beta5
- version/sendmail sendmail/8.12.6
- version/sgi freeware/1.0
- version/sendmail/3.0.1
- version/sendmail sendmail/3.0.2
- version/sendmail sendmail/8.12-beta10
- version/sendmail sendmail/8.12.2
- version/sendmail sendmail/8.11.2
- version/sendmail sendmail/8.12.7
- version/sendmail/2.2.4
- version/sendmail sendmail/8.11.5
- version/sendmail/2.1.4
- version/oracle solaris sparc/9.0
- version/oracle solaris sparc/8.0