10

CVE-2002-1337

Exploit

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Data is provided by the National Vulnerability Database (NVD)
Sendmail Sendmail Version < 8.9.3
Sendmail Sendmail Version >= 8.10.0 < 8.11.6
Sendmail Sendmail Version >= 8.12.0 < 8.12.8
Gentoo Linux Version 1.4 Update rc1
Gentoo Linux Version 1.4 Update rc2
Hp Hp-ux Version 10.10
Hp Hp-ux Version 10.20
Hp Hp-ux Version 11.00
Hp Hp-ux Version 11.0.4
Hp Hp-ux Version 11.11
Hp Hp-ux Version 11.22
Netbsd Netbsd Version 1.5
Netbsd Netbsd Version 1.5.1
Netbsd Netbsd Version 1.5.2
Netbsd Netbsd Version 1.5.3
Netbsd Netbsd Version 1.6
Oracle Solaris Version 2.6
Oracle Solaris Version 7.0
Oracle Solaris Version 8
Oracle Solaris Version 9
Sun Sunos Version -
Sun Sunos Version 5.7
Sun Sunos Version 5.8
Windriver Bsdos Version 4.2
Windriver Bsdos Version 4.3.1
Windriver Bsdos Version 5.0
Windriver Platform Sa Version 1.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 51.42% 0.978
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10 AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://www.cert.org/advisories/CA-2003-07.html
Patch
Third Party Advisory
US Government Resource
Broken Link
http://www.kb.cert.org/vuls/id/398025
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/6991
Patch
Third Party Advisory
Vendor Advisory
Exploit
Broken Link
VDB Entry
http://www.sendmail.org/8.12.8.html
Patch
Vendor Advisory
Broken Link