CVE-2002-1337

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2 Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only Broken Link
http://www.cert.org/advisories/CA-2003-07.html Broken Link Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-257 Broken Link
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 Broken Link Patch Vendor Advisory
http://www.iss.net/security_center/static/10748.php Broken Link
http://www.kb.cert.org/vuls/id/398025 Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-073.html Broken Link
http://www.redhat.com/support/errata/RHSA-2003-074.html Broken Link
http://www.redhat.com/support/errata/RHSA-2003-227.html Broken Link
http://www.securityfocus.com/bid/6991 Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.sendmail.org/8.12.8.html Broken Link Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:h:hp:alphaserver_sc:*:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*
cpe:2.3:o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:windriver:bsdos:5.0:*:*:*:*:*:*:*
cpe:2.3:o:windriver:platform_sa:1.0:*:*:*:*:*:*:*
History

09 Feb 2024, 03:19

Type Values Removed Values Added
CPE cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:sgi:freeware:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0:*:nt:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0.1:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0.2:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:2.6.1:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:2.6:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*		 cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
First Time Oracle solaris
Oracle
CWE NVD-CWE-Other CWE-120
References () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc - () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc - Broken Link
References () ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 - () ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 - Broken Link
References () ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 - () ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 - Broken Link
References () ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P - () ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P - Broken Link
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 - Broken Link
References () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 - () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 - Broken Link
References () http://marc.info/?l=bugtraq&m=104673778105192&w=2 - () http://marc.info/?l=bugtraq&m=104673778105192&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678739608479&w=2 - () http://marc.info/?l=bugtraq&m=104678739608479&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678862109841&w=2 - () http://marc.info/?l=bugtraq&m=104678862109841&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678862409849&w=2 - () http://marc.info/?l=bugtraq&m=104678862409849&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104679411316818&w=2 - () http://marc.info/?l=bugtraq&m=104679411316818&w=2 - Third Party Advisory
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only - () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only - Broken Link
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only - () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only - Broken Link
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only - () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only - Broken Link
References () http://www.cert.org/advisories/CA-2003-07.html - Patch, Third Party Advisory, US Government Resource () http://www.cert.org/advisories/CA-2003-07.html - Broken Link, Patch, Third Party Advisory, US Government Resource
References () http://www.debian.org/security/2003/dsa-257 - () http://www.debian.org/security/2003/dsa-257 - Broken Link
References () http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 - Patch, Vendor Advisory () http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 - Broken Link, Patch, Vendor Advisory
References () http://www.iss.net/security_center/static/10748.php - () http://www.iss.net/security_center/static/10748.php - Broken Link
References () http://www.kb.cert.org/vuls/id/398025 - US Government Resource () http://www.kb.cert.org/vuls/id/398025 - Third Party Advisory, US Government Resource
References () http://www.redhat.com/support/errata/RHSA-2003-073.html - () http://www.redhat.com/support/errata/RHSA-2003-073.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-074.html - () http://www.redhat.com/support/errata/RHSA-2003-074.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-227.html - () http://www.redhat.com/support/errata/RHSA-2003-227.html - Broken Link
References () http://www.securityfocus.com/bid/6991 - Exploit, Patch, Vendor Advisory () http://www.securityfocus.com/bid/6991 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References () http://www.sendmail.org/8.12.8.html - Patch, Vendor Advisory () http://www.sendmail.org/8.12.8.html - Broken Link, Patch, Vendor Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 - Broken Link
Information

Published : 2003-03-07 05:00

Updated : 2024-02-09 03:19

NVD link : CVE-2002-1337

Mitre link : CVE-2002-1337

CVE.ORG link : CVE-2002-1337

JSON object : View

Products Affected

netbsd

  • netbsd

sendmail

  • sendmail

sun

  • sunos

windriver

  • bsdos
  • platform_sa

hp

  • hp-ux
  • alphaserver_sc

gentoo

  • linux

oracle

  • solaris
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')