Vulnerability Description
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Bastille | b.02.00.05 |
| Hp | Hp-Ux | 11.00 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/hp/2003-q1/0033.html
- http://www.securityfocus.com/bid/6878Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11366
- http://archives.neohapsis.com/archives/hp/2003-q1/0033.html
- http://www.securityfocus.com/bid/6878Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11366
FAQ
What is CVE-2003-1362?
CVE-2003-1362 is a vulnerability with a CVSS score of 7.8 (HIGH). Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of sy...
How severe is CVE-2003-1362?
CVE-2003-1362 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1362?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Bastille, Hp Hp-Ux.