Vulnerability Description
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sendmail | Advanced Message Server | 1.2 |
| Sendmail | Sendmail | 2.6 |
| Sendmail | Sendmail Pro | 8.9.2 |
| Sendmail | Sendmail Switch | 2.1 |
| Sgi | Irix | 6.5.15 |
| Apple | Mac Os X | 10.2 |
| Apple | Mac Os X Server | 10.2 |
| Compaq | Tru64 | 4.0f |
| Freebsd | Freebsd | 3.0 |
| Gentoo | Linux | 0.5 |
| Hp | Hp-Ux | 11.00 |
| Ibm | Aix | 4.3.3 |
| Netbsd | Netbsd | 1.4.3 |
| Sun | Solaris | 2.6 |
| Sun | Sunos | - |
| Turbolinux | Turbolinux Advanced Server | 6.0 |
| Turbolinux | Turbolinux Server | 6.1 |
| Turbolinux | Turbolinux Workstation | 6.0 |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
- http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
- http://marc.info/?l=bugtraq&m=106381604923204&w=2
- http://marc.info/?l=bugtraq&m=106382859407683&w=2
- http://marc.info/?l=bugtraq&m=106383437615742&w=2
- http://marc.info/?l=bugtraq&m=106398718909274&w=2
- http://www.cert.org/advisories/CA-2003-25.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.debian.org/security/2003/dsa-384
- http://www.kb.cert.org/vuls/id/784980US Government Resource
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
- http://www.redhat.com/support/errata/RHSA-2003-283.html
- http://www.redhat.com/support/errata/RHSA-2003-284.html
- http://www.sendmail.org/8.12.10.htmlPatch
FAQ
What is CVE-2003-0694?
CVE-2003-0694 is a vulnerability with a CVSS score of 10.0 (HIGH). The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
How severe is CVE-2003-0694?
CVE-2003-0694 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0694?
Check the references section above for vendor advisories and patch information. Affected products include: Sendmail Advanced Message Server, Sendmail Sendmail, Sendmail Sendmail Pro, Sendmail Sendmail Switch, Sgi Irix.