10

CVE-2002-1337

Exploit
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SendmailSendmail Version < 8.9.3
SendmailSendmail Version >= 8.10.0 < 8.11.6
SendmailSendmail Version >= 8.12.0 < 8.12.8
GentooLinux Version1.4 Updaterc1
GentooLinux Version1.4 Updaterc2
HpHp-ux Version10.10
HpHp-ux Version10.20
HpHp-ux Version11.00
HpHp-ux Version11.0.4
HpHp-ux Version11.11
HpHp-ux Version11.22
NetbsdNetbsd Version1.5
NetbsdNetbsd Version1.5.1
NetbsdNetbsd Version1.5.2
NetbsdNetbsd Version1.5.3
NetbsdNetbsd Version1.6
OracleSolaris Version2.6
OracleSolaris Version7.0
OracleSolaris Version8
OracleSolaris Version9
SunSunos Version-
SunSunos Version5.7
SunSunos Version5.8
WindriverBsdos Version4.2
WindriverBsdos Version4.3.1
WindriverBsdos Version5.0
WindriverPlatform Sa Version1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 72.2% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://www.redhat.com/support/errata/RHSA-2003-073.html
Broken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2
Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
Broken Link
http://www.cert.org/advisories/CA-2003-07.html
Patch
Third Party Advisory
US Government Resource
Broken Link
http://www.debian.org/security/2003/dsa-257
Broken Link
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Patch
Vendor Advisory
Broken Link
http://www.iss.net/security_center/static/10748.php
Broken Link
http://www.kb.cert.org/vuls/id/398025
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-074.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2003-227.html
Broken Link
http://www.securityfocus.com/bid/6991
Patch
Third Party Advisory
Vendor Advisory
Exploit
Broken Link
VDB Entry
http://www.sendmail.org/8.12.8.html
Patch
Vendor Advisory
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
Broken Link