critical
10
CWE
NVD-CWE-Other 119
Advisory Published
Updated

CVE-2003-0161: Buffer Overflow

First published: Tue Apr 01 2003(Updated: )

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Sendmail Sendmail Switch=2.1.2
Sendmail Sendmail Switch=3.0.2
Sendmail Sendmail Switch=2.2.2
Sendmail Sendmail=2.6.2
Sendmail Sendmail=8.9.2
Sendmail Sendmail Switch=2.1.1
Sendmail Sendmail=8.11.4
Sendmail Sendmail=8.12-beta16
Sendmail Sendmail=2.6
Sendmail Sendmail=8.10.1
Sendmail Sendmail=8.12.8
Sendmail Sendmail=8.9.1
Sendmail Sendmail Switch=2.2
Sendmail Sendmail Switch=2.2.1
Sendmail Sendmail=8.11.1
Sendmail Sendmail=8.11.3
Sendmail Sendmail=8.12.3
Sendmail Sendmail=8.12.4
Sendmail Sendmail Switch=2.1.3
Sendmail Sendmail=2.6.1
Sendmail Sendmail=8.10.2
Sendmail Sendmail=8.11.0
Sendmail Sendmail=8.12.1
Sendmail Sendmail=8.12-beta12
Sendmail Sendmail Switch=2.1
Sendmail Sendmail=3.0.3
Sendmail Sendmail=8.9.0
Sendmail Sendmail=8.10
Sendmail Sendmail=8.11.6
Sendmail Sendmail=8.12.0
Sendmail Sendmail=8.12.7
Sendmail Sendmail Switch=3.0.3
Sendmail Sendmail=3.0
Sendmail Sendmail=3.0.1
Sendmail Sendmail=8.11.2
Sendmail Sendmail=8.12-beta5
Sendmail Sendmail Switch=2.2.4
Sendmail Sendmail Switch=2.2.5
Sendmail Sendmail=8.12.2
Sendmail Sendmail=8.12-beta10
Sendmail Sendmail=8.9.3
Sendmail Sendmail Switch=2.2.3
Sendmail Sendmail=3.0.2
Sendmail Sendmail=8.11.5
Sendmail Sendmail=8.12.5
Sendmail Sendmail=8.12.6
Sendmail Sendmail=8.12-beta7
Sendmail Sendmail Switch=2.1.4
Sendmail Sendmail Switch=2.1.5
Sendmail Sendmail Switch=3.0
Sendmail Sendmail Switch=3.0.1
Hp Hp-ux Series 800=10.20
HP HP-UX=10.30
Compaq Tru64=5.0a_pk3_bl17
HP HP-UX=11.11
Compaq Tru64=5.1_pk3_bl17
HP HP-UX=10.01
Sun Solaris=2.4
Hp Sis
HP HP-UX=10.00
Compaq Tru64=4.0g
Compaq Tru64=4.0d
Compaq Tru64=4.0d_pk9_bl17
Compaq Tru64=5.0_pk4_bl18
HP HP-UX=10.34
Compaq Tru64=4.0g_pk3_bl17
Compaq Tru64=5.0
Compaq Tru64=5.0_pk4_bl17
Compaq Tru64=5.1_pk4_bl18
Compaq Tru64=5.1b_pk1_bl1
HP HP-UX=10.26
Sun Solaris=2.5.1
Sun Solaris=2.5
Sun Solaris=2.5.1
Compaq Tru64=4.0f_pk6_bl17
Sun SunOS=5.5
Sun SunOS=5.7
Sun SunOS=5.8
Compaq Tru64=4.0f_pk7_bl18
Compaq Tru64=5.0a
Compaq Tru64=5.1_pk6_bl20
Compaq Tru64=5.1a
HP HP-UX=10.08
Compaq Tru64=4.0b
Compaq Tru64=5.1_pk5_bl19
Hp Hp-ux Series 700=10.20
Sun Solaris=9.0
Sun Solaris=9.0-x86_update_2
HP HP-UX=11.0.4
Sun SunOS=5.4
Sun Solaris=2.6
Sun SunOS
Compaq Tru64=5.1
Compaq Tru64=5.1a_pk3_bl3
Compaq Tru64=5.1b
HP HP-UX=10.16
HP HP-UX=10.20
HP HP-UX=10.24
HP HP-UX=11.20
HP HP-UX=11.22
Sun SunOS=5.5.1
Sun Solaris=8.0
Sun Solaris=9.0
Compaq Tru64=4.0f
Compaq Tru64=5.0f
Compaq Tru64=5.1a_pk1_bl1
Compaq Tru64=5.1a_pk2_bl2
HP HP-UX=10.09
HP HP-UX=10.10
HP HP-UX=11.00
Sun Solaris=7.0

Remedy

http://www.cert.org/advisories/CA-2003-12.html

Remedy

http://www.redhat.com/support/errata/RHSA-2003-120.html

Remedy

http://www.securityfocus.com/bid/7230

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203