ID

VAR-200303-0122


CVE

CVE-2002-1337


TITLE

Remote Buffer Overflow in Sendmail

Trust: 0.8

sources: CERT/CC: VU#398025

DESCRIPTION

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. sendmail A buffer overflow vulnerability was discovered in message processing. The vulnerability could allow a third party to gain administrative privileges remotely. This problem, sendmail is caused by receiving a message with maliciously constructed header information. For this reason, LAN is running on a host installed within sendmail Even other MTA (Mail Transfer Agent) You may be affected by the vulnerability if you receive a malicious message relayed from .A third party may be able to remotely obtain administrator privileges. Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid. Sendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree. Most organizations have various mail transfer agents (MTAs) at various locations within their network, at least one of which is directly connected to the Internet. According to statistics, Internet mail traffic handled by Sendmail accounts for 50\\% to 75\\% of the total. Many UNIX and Linux workstations run Sendmail by default. When an email header contains an address or address list (eg \"From\", \"To\", \"CC\"), Sendmail will attempt to check whether the provided address or address list is valid. Sendmail does this using the crackaddr() function, which is located in the headers.c file in the Sendmail source tree. Sendmail will check this buffer and stop adding data to it if it is found to be full. Sendmail goes through several safety checks to ensure that characters are interpreted correctly. On most Unix or Linux systems, Sendmail runs as the root user. Because the attack code can be included in what appears to be a normal email message, it can easily penetrate many common packet filtering devices or firewalls without being detected. Successful exploitation of an unpatched sendmail system leaves no messages in the syslog. However, on patched systems, attempts to exploit this vulnerability leave the following log message: Dropped invalid comments from header address This vulnerability affects both the commercial and open source versions of Sendmail, and is also reported to have been tested in the lab environment has been successfully exploited

Trust: 2.7

sources: NVD: CVE-2002-1337 // CERT/CC: VU#398025 // JVNDB: JVNDB-2003-000061 // BID: 6991 // VULHUB: VHN-5722

AFFECTED PRODUCTS

vendor:netbsdmodel:netbsdscope:eqversion:1.6

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5.3

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5.2

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5.1

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:11.22

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:11.11

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.20

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.10

Trust: 1.3

vendor:sendmailmodel:sendmailscope:ltversion:8.9.3

Trust: 1.0

vendor:windrivermodel:bsdosscope:eqversion:4.2

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:11.00

Trust: 1.0

vendor:sendmailmodel:sendmailscope:ltversion:8.11.6

Trust: 1.0

vendor:sendmailmodel:sendmailscope:gteversion:8.10.0

Trust: 1.0

vendor:sunmodel:sunosscope:eqversion:5.8

Trust: 1.0

vendor:sendmailmodel:sendmailscope:gteversion:8.12.0

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:2.6

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:7.0

Trust: 1.0

vendor:sunmodel:sunosscope:eqversion:5.7

Trust: 1.0

vendor:windrivermodel:bsdosscope:eqversion:4.3.1

Trust: 1.0

vendor:windrivermodel:bsdosscope:eqversion:5.0

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:11.0.4

Trust: 1.0

vendor:hpmodel:alphaserver scscope:eqversion:*

Trust: 1.0

vendor:sunmodel:sunosscope:eqversion: -

Trust: 1.0

vendor:windrivermodel:platform sascope:eqversion:1.0

Trust: 1.0

vendor:sendmailmodel:sendmailscope:ltversion:8.12.8

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:8

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:9

Trust: 1.0

vendor:gentoomodel:linuxscope:eqversion:1.4

Trust: 1.0

vendor:hpmodel:alphaserver scscope: - version: -

Trust: 0.9

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:bsd osmodel: - scope: - version: -

Trust: 0.8

vendor:conectivamodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel: - scope: - version: -

Trust: 0.8

vendor:nortelmodel: - scope: - version: -

Trust: 0.8

vendor:openbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openpkgmodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:sgimodel: - scope: - version: -

Trust: 0.8

vendor:sendmailmodel: - scope: - version: -

Trust: 0.8

vendor:slackwaremodel: - scope: - version: -

Trust: 0.8

vendor:susemodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:the sco group sco linuxmodel: - scope: - version: -

Trust: 0.8

vendor:the sco group sco unixwaremodel: - scope: - version: -

Trust: 0.8

vendor:the sendmail consortiummodel: - scope: - version: -

Trust: 0.8

vendor:xeroxmodel: - scope: - version: -

Trust: 0.8

vendor:フォア チューンmodel:bsd/osscope: - version: -

Trust: 0.8

vendor:日本電気model:ux4800シリーズscope: - version: -

Trust: 0.8

vendor:sendmail consortiummodel:sendmailscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun cobalt qube3scope: - version: -

Trust: 0.8

vendor:富士通model:systemwalker perfmgrscope: - version: -

Trust: 0.8

vendor:富士通model:teamware officescope:eqversion: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun cobalt raq3scope: - version: -

Trust: 0.8

vendor:センドメール社model:sendmail switchscope: - version: -

Trust: 0.8

vendor:日本電気model:up-uxscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun cobalt raq4scope: - version: -

Trust: 0.8

vendor:富士通model:interstage collaborationring pmscope: - version: -

Trust: 0.8

vendor:sgimodel:irixscope: - version: -

Trust: 0.8

vendor:netbsdmodel:netbsdscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun linux 5.0scope: - version: -

Trust: 0.8

vendor:ターボリナックスmodel:turbolinux workstationscope: - version: -

Trust: 0.8

vendor:scomodel:unixwarescope: - version: -

Trust: 0.8

vendor:富士通model:interstage collaborationring tpmscope: - version: -

Trust: 0.8

vendor:センドメール社model:sendmail proscope: - version: -

Trust: 0.8

vendor:センドメール社model:sendmail for ntscope: - version: -

Trust: 0.8

vendor:ターボリナックスmodel:turbolinux advanced serverscope: - version: -

Trust: 0.8

vendor:富士通model:systemwalker it budgetmgrscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:ibmmodel:aixscope: - version: -

Trust: 0.8

vendor:日立model:hi-ux/we2scope: - version: -

Trust: 0.8

vendor:scomodel:open unixscope: - version: -

Trust: 0.8

vendor:トレンドマイクロmodel:trendmicro interscan viruswallscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun cobalt raq550scope: - version: -

Trust: 0.8

vendor:富士通model:internet navigware serverscope: - version: -

Trust: 0.8

vendor:scomodel:openlinuxscope: - version: -

Trust: 0.8

vendor:ヒューレット パッカードmodel:hp-uxscope: - version: -

Trust: 0.8

vendor:富士通model:interstage office squarescope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun solarisscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat linux advanced workstationscope: - version: -

Trust: 0.8

vendor:ターボリナックスmodel:turbolinux serverscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun cobalt raqxtrscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat linuxscope: - version: -

Trust: 0.8

vendor:日本電気model:ews-uxscope: - version: -

Trust: 0.8

vendor:freebsdmodel:freebsdscope: - version: -

Trust: 0.8

vendor:hpmodel:hp-uxscope:eqversion:11.04

Trust: 0.6

vendor:windmodel:river systems platform sascope:eqversion:1.0

Trust: 0.3

vendor:windmodel:river systems bsd/osscope:eqversion:5.0

Trust: 0.3

vendor:windmodel:river systems bsd/osscope:eqversion:4.3.1

Trust: 0.3

vendor:windmodel:river systems bsd/osscope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:sunmodel:solaris 8 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 8 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 7.0 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:7.0

Trust: 0.3

vendor:sunmodel:solaris 2.6 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:2.6

Trust: 0.3

vendor:sunmodel:lx50scope: - version: -

Trust: 0.3

vendor:sunmodel:cobalt raq xtrscope: - version: -

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:550

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:4

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:3

Trust: 0.3

vendor:sunmodel:cobalt qubescope:eqversion:3

Trust: 0.3

vendor:sunmodel:cobalt manageraq3 3000r-mrscope: - version: -

Trust: 0.3

vendor:sunmodel:cobalt cacheraqscope:eqversion:4

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.19

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.18

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.17

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.16

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.15

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.14

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.13

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.12

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.11

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.10

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.9

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.8

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.7

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.6

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.5

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.4

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.3

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.2

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.1

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5

Trust: 0.3

vendor:sgimodel:freewarescope:eqversion:1.0

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:3.0.2

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:3.0.1

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:3.0

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.2.4

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.2.3

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.2.2

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.2.1

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.2

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.1.4

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.1.3

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.1.2

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.1.1

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:eqversion:2.1

Trust: 0.3

vendor:sendmailmodel:inc sendmail for ntscope:eqversion:3.0.2

Trust: 0.3

vendor:sendmailmodel:inc sendmail for ntscope:eqversion:3.0.1

Trust: 0.3

vendor:sendmailmodel:inc sendmail for ntscope:eqversion:3.0

Trust: 0.3

vendor:sendmailmodel:inc sendmail for ntscope:eqversion:2.6.1

Trust: 0.3

vendor:sendmailmodel:inc sendmail for ntscope:eqversion:2.6

Trust: 0.3

vendor:sendmailmodel:inc sendmail advanced message serverscope:eqversion:1.3

Trust: 0.3

vendor:sendmailmodel:inc sendmail advanced message serverscope:eqversion:1.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:3.0.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:3.0.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:3.0

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.2.4

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.2.3

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.2.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.2.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.1.4

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.1.3

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.1.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.1.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:eqversion:2.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmail for ntscope:eqversion:3.0.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmail for ntscope:eqversion:3.0.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmail for ntscope:eqversion:3.0

Trust: 0.3

vendor:sendmailmodel:consortium sendmail for ntscope:eqversion:2.6.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmail for ntscope:eqversion:2.6

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.7

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.6

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.5

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.4

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.3

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmail beta7scope:eqversion:8.12

Trust: 0.3

vendor:sendmailmodel:consortium sendmail beta5scope:eqversion:8.12

Trust: 0.3

vendor:sendmailmodel:consortium sendmail beta16scope:eqversion:8.12

Trust: 0.3

vendor:sendmailmodel:consortium sendmail beta12scope:eqversion:8.12

Trust: 0.3

vendor:sendmailmodel:consortium sendmail beta10scope:eqversion:8.12

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.12.0

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.11.6

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.11.5

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.11.4

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.11.3

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.11.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.11.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.11

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.10.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.10.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.10

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.9.3

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.9.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.9.1

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.9.0

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:8.8.8

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:5.65

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:5.61

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:eqversion:5.59

Trust: 0.3

vendor:scomodel:unixwarescope:eqversion:7.1.3

Trust: 0.3

vendor:scomodel:unixwarescope:eqversion:7.1.1

Trust: 0.3

vendor:scomodel:open unixscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:z/os v1r4scope: - version: -

Trust: 0.3

vendor:ibmmodel:z/os v1r2scope: - version: -

Trust: 0.3

vendor:ibmmodel:os/390 v2r8scope: - version: -

Trust: 0.3

vendor:ibmmodel:os/390 v2r10scope: - version: -

Trust: 0.3

vendor:ibmmodel:mvsscope: - version: -

Trust: 0.3

vendor:hpmodel:mpe/ixscope:eqversion:6.5

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.22scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.04scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.00scope: - version: -

Trust: 0.3

vendor:gentoomodel:linux rc2scope:eqversion:1.4

Trust: 0.3

vendor:gentoomodel:linux rc1scope:eqversion:1.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.6

Trust: 0.3

vendor:sgimodel:irixscope:neversion:6.5.20

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:neversion:3.0.3

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:neversion:2.2.5

Trust: 0.3

vendor:sendmailmodel:inc sendmail switchscope:neversion:2.1.5

Trust: 0.3

vendor:sendmailmodel:inc sendmail for ntscope:neversion:3.0.3

Trust: 0.3

vendor:sendmailmodel:inc sendmail for ntscope:neversion:2.6.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:neversion:3.0.3

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:neversion:2.2.5

Trust: 0.3

vendor:sendmailmodel:consortium sendmail switchscope:neversion:2.1.5

Trust: 0.3

vendor:sendmailmodel:consortium sendmail for ntscope:neversion:3.0.3

Trust: 0.3

vendor:sendmailmodel:consortium sendmail for ntscope:neversion:2.6.2

Trust: 0.3

vendor:sendmailmodel:consortium sendmailscope:neversion:8.12.8

Trust: 0.3

vendor:openwallmodel:gnu/*/linuxscope:neversion:1.0

Trust: 0.3

vendor:junipermodel:networks junosscope:neversion:5.1

Trust: 0.3

vendor:junipermodel:networks junosscope:neversion:5.0

Trust: 0.3

sources: CERT/CC: VU#398025 // BID: 6991 // JVNDB: JVNDB-2003-000061 // CNNVD: CNNVD-200303-038 // NVD: CVE-2002-1337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1337
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#398025
value: 66.00

Trust: 0.8

NVD: CVE-2002-1337
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200303-038
value: CRITICAL

Trust: 0.6

VULHUB: VHN-5722
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1337
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5722
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#398025 // VULHUB: VHN-5722 // JVNDB: JVNDB-2003-000061 // CNNVD: CNNVD-200303-038 // NVD: CVE-2002-1337

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2003-000061 // NVD: CVE-2002-1337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-038

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 6991 // CNNVD: CNNVD-200303-038

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5722

PATCH

title:HS03-001 Fujitsu CERT Advisory informationurl:http://www.debian.org/security/2003/dsa-257

Trust: 0.8

sources: JVNDB: JVNDB-2003-000061

EXTERNAL IDS

db:NVDid:CVE-2002-1337

Trust: 3.6

db:CERT/CCid:VU#398025

Trust: 3.3

db:BIDid:6991

Trust: 2.8

db:XFid:10748

Trust: 1.4

db:XFid:11653

Trust: 0.8

db:JVNDBid:JVNDB-2003-000061

Trust: 0.8

db:CNNVDid:CNNVD-200303-038

Trust: 0.7

db:CALDERAid:CSSA-2003-SCO.5

Trust: 0.6

db:CALDERAid:CSSA-2003-SCO.6

Trust: 0.6

db:REDHATid:RHSA-2003:074

Trust: 0.6

db:REDHATid:RHSA-2003:073

Trust: 0.6

db:REDHATid:RHSA-2003:227

Trust: 0.6

db:HPid:HPSBUX0302-246

Trust: 0.6

db:BUGTRAQid:20030303 FWD: APPLE-SA-2003-03-03 SENDMAIL

Trust: 0.6

db:BUGTRAQid:20030304 [LSD] TECHNICAL ANALYSIS OF THE REMOTE SENDMAIL VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20030304 GLSA: SENDMAIL (200303-4)

Trust: 0.6

db:BUGTRAQid:20030303 SENDMAIL 8.12.8 AVAILABLE

Trust: 0.6

db:CERT/CCid:CA-2003-07

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:2222

Trust: 0.6

db:AIXAPARid:IY40500

Trust: 0.6

db:AIXAPARid:IY40502

Trust: 0.6

db:AIXAPARid:IY40501

Trust: 0.6

db:CONECTIVAid:CLA-2003:571

Trust: 0.6

db:MANDRAKEid:MDKSA-2003:028

Trust: 0.6

db:SGIid:20030301-01-P

Trust: 0.6

db:DEBIANid:DSA-257

Trust: 0.6

db:ISSid:20030303 REMOTE SENDMAIL HEADER PROCESSING VULNERABILITY

Trust: 0.6

db:NETBSDid:NETBSD-SA2003-002

Trust: 0.6

db:SEEBUGid:SSVID-76118

Trust: 0.1

db:SEEBUGid:SSVID-76119

Trust: 0.1

db:EXPLOIT-DBid:22314

Trust: 0.1

db:EXPLOIT-DBid:22313

Trust: 0.1

db:EXPLOIT-DBid:411

Trust: 0.1

db:VULHUBid:VHN-5722

Trust: 0.1

sources: CERT/CC: VU#398025 // VULHUB: VHN-5722 // BID: 6991 // JVNDB: JVNDB-2003-000061 // CNNVD: CNNVD-200303-038 // NVD: CVE-2002-1337

REFERENCES

url:http://www.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=21950

Trust: 4.3

url:http://www.sendmail.org/8.12.8.html

Trust: 3.8

url:http://www.cert.org/advisories/ca-2003-07.html

Trust: 3.8

url:http://www.securityfocus.com/bid/6991

Trust: 3.5

url:http://www.kb.cert.org/vuls/id/398025

Trust: 3.5

url:http://www-1.ibm.com/support/search.wss?rs=0&q=iy40500&apar=only

Trust: 2.7

url:http://www-1.ibm.com/support/search.wss?rs=0&q=iy40501&apar=only

Trust: 2.7

url:http://www-1.ibm.com/support/search.wss?rs=0&q=iy40502&apar=only

Trust: 2.7

url:ftp://ftp.sco.com/pub/updates/unixware/cssa-2003-sco.5

Trust: 2.7

url:ftp://ftp.sco.com/pub/updates/openserver/cssa-2003-sco.6

Trust: 2.7

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571

Trust: 2.7

url:http://www.debian.org/security/2003/dsa-257

Trust: 2.7

url:http://frontal2.mandriva.com/security/advisories?name=mdksa-2003:028

Trust: 2.7

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-002.txt.asc

Trust: 2.7

url:http://www.redhat.com/support/errata/rhsa-2003-073.html

Trust: 2.7

url:http://www.redhat.com/support/errata/rhsa-2003-074.html

Trust: 2.7

url:http://www.redhat.com/support/errata/rhsa-2003-227.html

Trust: 2.7

url:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-p

Trust: 2.7

url:http://www.iss.net/security_center/static/10748.php

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=104678862109841&w=2

Trust: 2.1

url:http://marc.info/?l=bugtraq&m=104673778105192&w=2

Trust: 2.1

url:http://marc.info/?l=bugtraq&m=104678862409849&w=2

Trust: 2.1

url:http://marc.info/?l=bugtraq&m=104678739608479&w=2

Trust: 2.1

url:http://marc.info/?l=bugtraq&m=104679411316818&w=2

Trust: 2.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2222

Trust: 2.1

url:http://www.sendmail.org

Trust: 1.1

url:http://www.sendmail.com/security/

Trust: 0.8

url:http://www.securityfocus.org/archive/1/313757/2003-03-01/2003-03-07/0

Trust: 0.8

url:http://www.nipc.gov/warnings/advisories/2003/03-004.htm

Trust: 0.8

url:http://jvn.jp/cert/jvnca-2003-07

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1337

Trust: 0.8

url:http://www.jpcert.or.jp/at/2003/at030002.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2003/wr031001.txt

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030314_190827.html

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030305_170302.html

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/20030303sendmail.html

Trust: 0.8

url:http://www.ciac.org/ciac/bulletins/n-048.shtml

Trust: 0.8

url:http://www.isskk.co.jp/support/techinfo/general/sendmailheader_xforce.html

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/10748

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/11653

Trust: 0.8

url:http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51ab21-c0103500-17099-es-20030226.readme

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2222

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2003.0794.1

Trust: 0.3

url:http://www.slackware.org/lists/archive/viewer.php?l=slackware-security&y=2003&m=slackware-security.286398

Trust: 0.3

url:http://www.sendmail.org/

Trust: 0.3

url:ftp://ftp1.support.compaq.com/public/unix/v4.0g/t64v40gb17-c0028100-16887-es-20030211.readme

Trust: 0.3

url:ftp://ftp1.support.compaq.com/public/unix/v4.0f/duv40fb18-c0092200-16888-es-20030211.readme

Trust: 0.3

url:http://ftp1.support.compaq.com/public/unix/v5.0a/t64v50ab17-c0031300-16884-es-20030211.readme

Trust: 0.3

url:ftp://ftp1.support.compaq.com/public/unix/v5.1/t64v51b19-c0169100-16882-es-20030211.readme

Trust: 0.3

url:http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51bb1-c0003900-16874-es-20030211.readme

Trust: 0.3

url:http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51b20-c0169800-16980-es-20030218.readme

Trust: 0.3

url:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51181

Trust: 0.3

url:http://www.sendmail.com

Trust: 0.3

url:/archive/1/313757

Trust: 0.3

url:/archive/1/313795

Trust: 0.3

url:/archive/1/313841

Trust: 0.3

url: -

Trust: 0.1

sources: CERT/CC: VU#398025 // VULHUB: VHN-5722 // BID: 6991 // JVNDB: JVNDB-2003-000061 // CNNVD: CNNVD-200303-038 // NVD: CVE-2002-1337

CREDITS

ISS X-Force※ xforce@iss.net

Trust: 0.6

sources: CNNVD: CNNVD-200303-038

SOURCES

db:CERT/CCid:VU#398025
db:VULHUBid:VHN-5722
db:BIDid:6991
db:JVNDBid:JVNDB-2003-000061
db:CNNVDid:CNNVD-200303-038
db:NVDid:CVE-2002-1337

LAST UPDATE DATE

2024-11-22T21:23:55.658000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#398025date:2003-09-15T00:00:00
db:VULHUBid:VHN-5722date:2018-10-30T00:00:00
db:BIDid:6991date:2007-09-22T00:30:00
db:JVNDBid:JVNDB-2003-000061date:2024-03-01T01:52:00
db:CNNVDid:CNNVD-200303-038date:2006-08-24T00:00:00
db:NVDid:CVE-2002-1337date:2024-11-20T23:41:03.983

SOURCES RELEASE DATE

db:CERT/CCid:VU#398025date:2003-03-03T00:00:00
db:VULHUBid:VHN-5722date:2003-03-07T00:00:00
db:BIDid:6991date:2003-03-02T00:00:00
db:JVNDBid:JVNDB-2003-000061date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200303-038date:2003-03-07T00:00:00
db:NVDid:CVE-2002-1337date:2003-03-07T05:00:00