CVE-2003-1362
First published: Wed Dec 31 2003(Updated: )
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HPE HP-UX | =11.11 | |
| HPE HP-UX | =11.00 | |
| HP Bastille | =b.02.00.05 | |
| HPE HP-UX | =11.00 | |
| HPE HP-UX | =11.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1362?
CVE-2003-1362 has a moderate severity rating due to its potential to allow remote attackers to verify the existence of system users.
How do I fix CVE-2003-1362?
To remediate CVE-2003-1362, review and properly configure the NOVRFY and NOEXPN options in the sendmail.cf file.
What versions of HP-UX are affected by CVE-2003-1362?
CVE-2003-1362 affects HP-UX versions 11.00 and 11.11 when using Bastille B.02.00.00.
Can CVE-2003-1362 lead to information disclosure?
Yes, CVE-2003-1362 can lead to information disclosure by allowing attackers to enumerate valid users on the system.
Is there a known exploit for CVE-2003-1362?
As of now, there are no public exploits specifically targeting CVE-2003-1362, but the vulnerability can still be exploited if not mitigated.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hpe hp-ux
- version/hpe hp-ux/11.11
- version/hpe hp-ux/11.00
- canonical/hp bastille
- version/hp bastille/b.02.00.05