CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2 Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only Broken Link
http://www.cert.org/advisories/CA-2003-07.html Broken Link Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-257 Broken Link
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 Broken Link Patch Vendor Advisory
http://www.iss.net/security_center/static/10748.php Broken Link
http://www.kb.cert.org/vuls/id/398025 Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-073.html Broken Link
http://www.redhat.com/support/errata/RHSA-2003-074.html Broken Link
http://www.redhat.com/support/errata/RHSA-2003-227.html Broken Link
http://www.securityfocus.com/bid/6991 Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.sendmail.org/8.12.8.html Broken Link Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 Broken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2 Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only Broken Link
http://www.cert.org/advisories/CA-2003-07.html Broken Link Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-257 Broken Link
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 Broken Link Patch Vendor Advisory
http://www.iss.net/security_center/static/10748.php Broken Link
http://www.kb.cert.org/vuls/id/398025 Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-073.html Broken Link
http://www.redhat.com/support/errata/RHSA-2003-074.html Broken Link
http://www.redhat.com/support/errata/RHSA-2003-227.html Broken Link
http://www.securityfocus.com/bid/6991 Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.sendmail.org/8.12.8.html Broken Link Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:h:hp:alphaserver_sc:*:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*
cpe:2.3:o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:windriver:bsdos:5.0:*:*:*:*:*:*:*
cpe:2.3:o:windriver:platform_sa:1.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:41

Type Values Removed Values Added
References () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc - Broken Link () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc - Broken Link
References () ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 - Broken Link () ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 - Broken Link
References () ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 - Broken Link () ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 - Broken Link
References () ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P - Broken Link () ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P - Broken Link
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 - Broken Link () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 - Broken Link
References () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 - Broken Link () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 - Broken Link
References () http://marc.info/?l=bugtraq&m=104673778105192&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=104673778105192&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678739608479&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=104678739608479&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678862109841&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=104678862109841&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678862409849&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=104678862409849&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104679411316818&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=104679411316818&w=2 - Third Party Advisory
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only - Broken Link () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only - Broken Link
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only - Broken Link () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only - Broken Link
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only - Broken Link () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only - Broken Link
References () http://www.cert.org/advisories/CA-2003-07.html - Broken Link, Patch, Third Party Advisory, US Government Resource () http://www.cert.org/advisories/CA-2003-07.html - Broken Link, Patch, Third Party Advisory, US Government Resource
References () http://www.debian.org/security/2003/dsa-257 - Broken Link () http://www.debian.org/security/2003/dsa-257 - Broken Link
References () http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 - Broken Link, Patch, Vendor Advisory () http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 - Broken Link, Patch, Vendor Advisory
References () http://www.iss.net/security_center/static/10748.php - Broken Link () http://www.iss.net/security_center/static/10748.php - Broken Link
References () http://www.kb.cert.org/vuls/id/398025 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/398025 - Third Party Advisory, US Government Resource
References () http://www.redhat.com/support/errata/RHSA-2003-073.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2003-073.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-074.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2003-074.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-227.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2003-227.html - Broken Link
References () http://www.securityfocus.com/bid/6991 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory () http://www.securityfocus.com/bid/6991 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References () http://www.sendmail.org/8.12.8.html - Broken Link, Patch, Vendor Advisory () http://www.sendmail.org/8.12.8.html - Broken Link, Patch, Vendor Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 - Broken Link

09 Feb 2024, 03:19

Type Values Removed Values Added
CPE cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:sgi:freeware:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0:*:nt:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0.1:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0.2:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:2.6.1:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:2.6:*:nt:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
First Time Oracle solaris
Oracle
CWE NVD-CWE-Other CWE-120
References () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc - () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc - Broken Link
References () ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 - () ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 - Broken Link
References () ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 - () ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 - Broken Link
References () ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P - () ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P - Broken Link
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 - Broken Link
References () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 - () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 - Broken Link
References () http://marc.info/?l=bugtraq&m=104673778105192&w=2 - () http://marc.info/?l=bugtraq&m=104673778105192&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678739608479&w=2 - () http://marc.info/?l=bugtraq&m=104678739608479&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678862109841&w=2 - () http://marc.info/?l=bugtraq&m=104678862109841&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104678862409849&w=2 - () http://marc.info/?l=bugtraq&m=104678862409849&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=104679411316818&w=2 - () http://marc.info/?l=bugtraq&m=104679411316818&w=2 - Third Party Advisory
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only - () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only - Broken Link
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only - () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only - Broken Link
References () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only - () http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only - Broken Link
References () http://www.cert.org/advisories/CA-2003-07.html - Patch, Third Party Advisory, US Government Resource () http://www.cert.org/advisories/CA-2003-07.html - Broken Link, Patch, Third Party Advisory, US Government Resource
References () http://www.debian.org/security/2003/dsa-257 - () http://www.debian.org/security/2003/dsa-257 - Broken Link
References () http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 - Patch, Vendor Advisory () http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 - Broken Link, Patch, Vendor Advisory
References () http://www.iss.net/security_center/static/10748.php - () http://www.iss.net/security_center/static/10748.php - Broken Link
References () http://www.kb.cert.org/vuls/id/398025 - US Government Resource () http://www.kb.cert.org/vuls/id/398025 - Third Party Advisory, US Government Resource
References () http://www.redhat.com/support/errata/RHSA-2003-073.html - () http://www.redhat.com/support/errata/RHSA-2003-073.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-074.html - () http://www.redhat.com/support/errata/RHSA-2003-074.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-227.html - () http://www.redhat.com/support/errata/RHSA-2003-227.html - Broken Link
References () http://www.securityfocus.com/bid/6991 - Exploit, Patch, Vendor Advisory () http://www.securityfocus.com/bid/6991 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References () http://www.sendmail.org/8.12.8.html - Patch, Vendor Advisory () http://www.sendmail.org/8.12.8.html - Broken Link, Patch, Vendor Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 - Broken Link

Information

Published : 2003-03-07 05:00

Updated : 2024-11-20 23:41


NVD link : CVE-2002-1337

Mitre link : CVE-2002-1337

CVE.ORG link : CVE-2002-1337


JSON object : View

Products Affected

gentoo

  • linux

windriver

  • platform_sa
  • bsdos

hp

  • hp-ux
  • alphaserver_sc

oracle

  • solaris

netbsd

  • netbsd

sun

  • sunos

sendmail

  • sendmail
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')