CVE-2002-1337 — HIGH (10.0)

Q: How severe is CVE-2002-1337?

CVE-2002-1337 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2002-1337?

Check the references section above for vendor advisories and patch information. Affected products include: Sendmail Sendmail, Hp Alphaserver Sc, Gentoo Linux, Hp Hp-Ux, Netbsd Netbsd.

Vulnerability Description

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Sendmail	Sendmail	< 8.9.3
Hp	Alphaserver Sc	All versions
Gentoo	Linux	1.4
Hp	Hp-Ux	10.10
Netbsd	Netbsd	1.5
Oracle	Solaris	2.6
Sun	Sunos	-
Windriver	Bsdos	4.2
Windriver	Platform Sa	1.0

Related Weaknesses (CWE)

CWE-120

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.ascBroken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-PBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=onlyBroken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=onlyBroken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=onlyBroken Link
http://www.cert.org/advisories/CA-2003-07.htmlBroken LinkPatchThird Party Advisory

FAQ

What is CVE-2002-1337?

CVE-2002-1337 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the c...

How severe is CVE-2002-1337?

CVE-2002-1337 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-1337?

Check the references section above for vendor advisories and patch information. Affected products include: Sendmail Sendmail, Hp Alphaserver Sc, Gentoo Linux, Hp Hp-Ux, Netbsd Netbsd.