Vulnerability Details CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.634
EPSS Ranking 98.3%
CVSS Severity
CVSS v2 Score 10.0
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
- ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
- ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
- ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
- http://marc.info/?l=bugtraq&m=104673778105192&w=2
- http://marc.info/?l=bugtraq&m=104678739608479&w=2
- http://marc.info/?l=bugtraq&m=104678862109841&w=2
- http://marc.info/?l=bugtraq&m=104678862409849&w=2
- http://marc.info/?l=bugtraq&m=104679411316818&w=2
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
- http://www.cert.org/advisories/CA-2003-07.html
- http://www.debian.org/security/2003/dsa-257
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
- http://www.iss.net/security_center/static/10748.php
- http://www.kb.cert.org/vuls/id/398025
- http://www.redhat.com/support/errata/RHSA-2003-073.html
- http://www.redhat.com/support/errata/RHSA-2003-074.html
- http://www.redhat.com/support/errata/RHSA-2003-227.html
- http://www.securityfocus.com/bid/6991
- http://www.sendmail.org/8.12.8.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
- ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
- ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
- ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
- http://marc.info/?l=bugtraq&m=104673778105192&w=2
- http://marc.info/?l=bugtraq&m=104678739608479&w=2
- http://marc.info/?l=bugtraq&m=104678862109841&w=2
- http://marc.info/?l=bugtraq&m=104678862409849&w=2
- http://marc.info/?l=bugtraq&m=104679411316818&w=2
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
- http://www.cert.org/advisories/CA-2003-07.html
- http://www.debian.org/security/2003/dsa-257
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
- http://www.iss.net/security_center/static/10748.php
- http://www.kb.cert.org/vuls/id/398025
- http://www.redhat.com/support/errata/RHSA-2003-073.html
- http://www.redhat.com/support/errata/RHSA-2003-074.html
- http://www.redhat.com/support/errata/RHSA-2003-227.html
- http://www.securityfocus.com/bid/6991
- http://www.sendmail.org/8.12.8.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
Products affected by CVE-2002-1337
-
cpe:2.3:a:sendmail:sendmail:-
-
cpe:2.3:a:sendmail:sendmail:2.6
-
cpe:2.3:a:sendmail:sendmail:2.6.1
-
cpe:2.3:a:sendmail:sendmail:2.6.2
-
cpe:2.3:a:sendmail:sendmail:3.0
-
cpe:2.3:a:sendmail:sendmail:3.0.1
-
cpe:2.3:a:sendmail:sendmail:3.0.2
-
cpe:2.3:a:sendmail:sendmail:3.0.3
-
cpe:2.3:a:sendmail:sendmail:4.1
-
cpe:2.3:a:sendmail:sendmail:8.10.0
-
cpe:2.3:a:sendmail:sendmail:8.10.1
-
cpe:2.3:a:sendmail:sendmail:8.10.2
-
cpe:2.3:a:sendmail:sendmail:8.11.0
-
cpe:2.3:a:sendmail:sendmail:8.11.1
-
cpe:2.3:a:sendmail:sendmail:8.11.2
-
cpe:2.3:a:sendmail:sendmail:8.11.3
-
cpe:2.3:a:sendmail:sendmail:8.11.4
-
cpe:2.3:a:sendmail:sendmail:8.11.5
-
cpe:2.3:a:sendmail:sendmail:8.12.0
-
cpe:2.3:a:sendmail:sendmail:8.12.1
-
cpe:2.3:a:sendmail:sendmail:8.12.2
-
cpe:2.3:a:sendmail:sendmail:8.12.3
-
cpe:2.3:a:sendmail:sendmail:8.12.4
-
cpe:2.3:a:sendmail:sendmail:8.12.5
-
cpe:2.3:a:sendmail:sendmail:8.12.6
-
cpe:2.3:a:sendmail:sendmail:8.12.7
-
cpe:2.3:a:sendmail:sendmail:8.6.7
-
cpe:2.3:a:sendmail:sendmail:8.7.10
-
cpe:2.3:a:sendmail:sendmail:8.7.6
-
cpe:2.3:a:sendmail:sendmail:8.7.7
-
cpe:2.3:a:sendmail:sendmail:8.7.8
-
cpe:2.3:a:sendmail:sendmail:8.7.9
-
cpe:2.3:a:sendmail:sendmail:8.8.8
-
cpe:2.3:a:sendmail:sendmail:8.9.0
-
cpe:2.3:a:sendmail:sendmail:8.9.1
-
cpe:2.3:a:sendmail:sendmail:8.9.2
-
cpe:2.3:h:hp:alphaserver_sc:-
-
cpe:2.3:o:gentoo:linux:1.4
-
cpe:2.3:o:hp:hp-ux:10.10
-
cpe:2.3:o:hp:hp-ux:10.20
-
cpe:2.3:o:hp:hp-ux:11.0.4
-
cpe:2.3:o:hp:hp-ux:11.00
-
cpe:2.3:o:hp:hp-ux:11.11
-
cpe:2.3:o:hp:hp-ux:11.22
-
cpe:2.3:o:netbsd:netbsd:1.5
-
cpe:2.3:o:netbsd:netbsd:1.5.1
-
cpe:2.3:o:netbsd:netbsd:1.5.2
-
cpe:2.3:o:netbsd:netbsd:1.5.3
-
cpe:2.3:o:netbsd:netbsd:1.6
-
cpe:2.3:o:oracle:solaris:2.6
-
cpe:2.3:o:oracle:solaris:7.0
-
cpe:2.3:o:oracle:solaris:8
-
cpe:2.3:o:oracle:solaris:9
-
cpe:2.3:o:sun:sunos:-
-
cpe:2.3:o:sun:sunos:5.7
-
cpe:2.3:o:sun:sunos:5.8
-
cpe:2.3:o:windriver:bsdos:4.2
-
cpe:2.3:o:windriver:bsdos:4.3.1
-
cpe:2.3:o:windriver:bsdos:5.0
-
cpe:2.3:o:windriver:platform_sa:1.0