CVE-2002-1337 - Classic Buffer Overflow vulnerability in multiple products

CVSS 0.0 - NONE

  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

  • description: Sendmail 8.11.x Exploit (i386-Linux). CVE-2002-1337. Local exploit for linux platform
    id: EDB-ID:411
    last seen: 2016-01-31
    modified: 2001-01-01
    published: 2001-01-01
    reporter: sd
    source: https://www.exploit-db.com/download/411/
    title: Sendmail 8.11.x - Exploit i386-Linux
  • description: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (2). CVE-2002-1337. Remote exploit for unix platform
    id: EDB-ID:22314
    last seen: 2016-02-02
    modified: 2003-03-02
    published: 2003-03-02
    reporter: bysin
    source: https://www.exploit-db.com/download/22314/
    title: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability 2
  • description: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (1). CVE-2002-1337. Remote exploit for unix platform
    id: EDB-ID:22313
    last seen: 2016-02-02
    modified: 2003-03-02
    published: 2003-03-02
    reporter: Last Stage of Delirium
    source: https://www.exploit-db.com/download/22313/
    title: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability 1

Nessus

  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_35483.NASL
    description: s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26133
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26133
    title: HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_35483. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26133);
      script_version("1.22");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
      script_bugtraq_id(6991);
      script_xref(name:"CERT-CC", value:"2003-07");
      script_xref(name:"CERT-CC", value:"2003-12");
      script_xref(name:"CERT-CC", value:"2003-25");
      script_xref(name:"CERT", value:"834865");
      script_xref(name:"HP", value:"emr_na-c00629555");
      script_xref(name:"HP", value:"emr_na-c00841370");
      script_xref(name:"HP", value:"emr_na-c00958338");
      script_xref(name:"HP", value:"emr_na-c00958571");
      script_xref(name:"HP", value:"emr_na-c01035741");
      script_xref(name:"HP", value:"HPSBUX00246");
      script_xref(name:"HP", value:"HPSBUX00253");
      script_xref(name:"HP", value:"HPSBUX00281");
      script_xref(name:"HP", value:"HPSBUX02108");
      script_xref(name:"HP", value:"HPSBUX02183");
      script_xref(name:"HP", value:"SSRT061133");
      script_xref(name:"HP", value:"SSRT061243");
      script_xref(name:"HP", value:"SSRT3469");
      script_xref(name:"HP", value:"SSRT3531");
      script_xref(name:"HP", value:"SSRT3631");
    
      script_name(english:"HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.00 sendmail(1M) 8.9.3 patch : 
    
    The remote HP-UX host is affected by multiple vulnerabilities :
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability may
        be exploited remotely to gain unauthorized access and
        create a Denial of Service (DoS). References: CERT
        CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    
      - A vulnerability has been identified in sendmail which
        may allow a remote attacker to execute arbitrary code.
        References: CVE-2006-0058, US-CERT VU#834865.
        (HPSBUX02108 SSRT061133)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability
        could be exploited remotely to gain unauthorized
        privileged access. References: CERT/CC CA-2003-25,
        CAN-2003-0681. (HPSBUX00281 SSRT3631)
    
      - A potential security vulnerability has been identified
        with HP-UX sendmail, where the vulnerability may be
        exploited remotely to gain unauthorized access or create
        a denial of service (DoS). References: CERT CA-2003-12.
        (HPSBUX00253 SSRT3531)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail. This vulnerability could
        allow a remote user to cause a Denial of Service (DoS).
        (HPSBUX02183 SSRT061243)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e44f628"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b715e4f4"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8ac166f8"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f41ededc"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6b002323"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_35483 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHNE_35483 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_35483");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_29526.NASL
    description: s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16898
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16898
    title: HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_29526. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16898);
      script_version("$Revision: 1.18 $");
      script_cvs_date("$Date: 2017/04/27 13:33:46 $");
    
      script_cve_id("CVE-2002-1337", "CVE-2003-0161");
      script_bugtraq_id(6991);
      script_xref(name:"CERT-CC", value:"2003-07");
      script_xref(name:"CERT-CC", value:"2003-12");
      script_xref(name:"HP", value:"emr_na-c00958338");
      script_xref(name:"HP", value:"emr_na-c00958571");
      script_xref(name:"HP", value:"HPSBUX00246");
      script_xref(name:"HP", value:"HPSBUX00253");
      script_xref(name:"HP", value:"SSRT3469");
      script_xref(name:"HP", value:"SSRT3531");
    
      script_name(english:"HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : 
    
    The remote HP-UX host is affected by multiple vulnerabilities :
    
      - A potential security vulnerability has been identified
        with HP-UX sendmail, where the vulnerability may be
        exploited remotely to gain unauthorized access or create
        a denial of service (DoS). References: CERT CA-2003-12.
        (HPSBUX00253 SSRT3531)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability may
        be exploited remotely to gain unauthorized access and
        create a Denial of Service (DoS). References: CERT
        CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e44f628"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b715e4f4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_29526 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/08/14");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.04"))
    {
      exit(0, "The host is not affected since PHNE_29526 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_29526", "PHNE_30224", "PHNE_34927", "PHNE_35314");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.04")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.04")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SMTP problems
    NASL id: SENDMAIL_HEADER.NASL
    description: The remote Sendmail server, according to its version number, may be affected by a remote buffer overflow allowing remote users to gain root privileges. Sendmail versions from 5.79 to 8.12.7 are affected. Nessus reports this vulnerability using only the banner of the remote SMTP server. Therefore, this might be a false positive.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11316
    published: 2003-03-03
    reporter: This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/11316
    title: Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow
    code:
    #
    # (C) Tenable Network Security, Inc.
    # Original script by Michael Scheidell SECNAP Network Security
    #
    # Changes by Tenable:
    # - Revised plugin titles, output formatting, remove unrelated VDB refs, remove invalid see also link (9/14/09)
    # - Updated to use compat.inc, added CVSS score (11/20/2009)
    # - Update dependencies (7/23/2018)
    # - rewritten by Tenable (7/24/2018)
    
    include("compat.inc");
    
    if (description)
    {
     script_id(11316);
     script_version("1.44");
     script_cvs_date("Date: 2018/09/17 21:46:53");
    
     script_cve_id("CVE-2002-1337");
     script_bugtraq_id(6991);
      script_xref(name:"CERT-CC", value:"CA-2003-07");
      script_xref(name:"CERT", value:"398025");
    
     script_name(english:"Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow");
     script_summary(english:"Checks the version number");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application that is affected by a buffer
    overflow vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Sendmail server, according to its version number, may be
    affected by a remote buffer overflow allowing remote users to gain
    root privileges. 
    
    Sendmail versions from 5.79 to 8.12.7 are affected.
    
    *** Nessus reports this vulnerability using only
    *** the banner of the remote SMTP server. Therefore,
    *** this might be a false positive.");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Sendmail version 8.12.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2002-1337");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"see_also", value:"http://www.sendmail.org/patchcr.html");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/03");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SMTP problems");
    
      script_dependencies("sendmail_detect.nbin");
      script_require_keys("installed_sw/Sendmail");
      exit(0);
    }
    
    include("vcf.inc");
    
    app_info = vcf::get_app_info(app:"Sendmail");
    
    constraints = [{ "min_version" : "5.79", "fixed_version" : "8.12.8" }];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_28409.NASL
    description: s700_800 11.22 sendmail(1m) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code. - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16634
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16634
    title: HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_28409. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16634);
      script_version("$Revision: 1.16 $");
      script_cvs_date("$Date: 2017/04/27 13:33:46 $");
    
      script_cve_id("CVE-2002-1337", "CVE-2003-0161");
      script_bugtraq_id(6991);
      script_xref(name:"CERT-CC", value:"2003-07");
      script_xref(name:"CERT-CC", value:"2003-12");
      script_xref(name:"HP", value:"emr_na-c00958338");
      script_xref(name:"HP", value:"emr_na-c00958571");
      script_xref(name:"HP", value:"HPSBUX00246");
      script_xref(name:"HP", value:"HPSBUX00253");
      script_xref(name:"HP", value:"HPSBUX0212");
      script_xref(name:"HP", value:"SSRT2432");
      script_xref(name:"HP", value:"SSRT3469");
      script_xref(name:"HP", value:"SSRT3531");
    
      script_name(english:"HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.22 sendmail(1m) 8.11.1 patch : 
    
    The remote HP-UX host is affected by multiple vulnerabilities :
    
      - Sendmail Restricted Shell (smrsh) may let local users
        bypass restrictions to execute code.
    
      - A potential security vulnerability has been identified
        with HP-UX sendmail, where the vulnerability may be
        exploited remotely to gain unauthorized access or create
        a denial of service (DoS). References: CERT CA-2003-12.
        (HPSBUX00253 SSRT3531)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability may
        be exploited remotely to gain unauthorized access and
        create a Denial of Service (DoS). References: CERT
        CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e44f628"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b715e4f4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_28409 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/11");
      script_set_attribute(attribute:"patch_modification_date", value:"2005/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.22"))
    {
      exit(0, "The host is not affected since PHNE_28409 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_28409", "PHNE_29912");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.22")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.22")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SMTP problems
    NASL id: SHN_SENDMAIL_DOUBLEPIPE.NASL
    description: smrsh (supplied by Sendmail) is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (||) or a mixture of dot and slash characters, a user may be able to bypass the checks performed by smrsh. This can lead to the execution of commands outside of the restricted environment. In addition, a function in headers.c does not properly sanitize input supplied via the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11321
    published: 2003-03-05
    reporter: This script is Copyright (C) 2003-2018 StrongHoldNet
    source: https://www.tenable.com/plugins/nessus/11321
    title: Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)
    code:
    #
    # This script was written by Vincent Renardias <[email protected]>
    #
    # Licence: GPLv2
    #
    # Changes by Tenable:
    # - Revised description (1/22/2009)
    # - Updated to use compat.inc, added CVSS score (11/20/2009)
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(11321);
     script_version ("1.25");
     script_cvs_date("Date: 2018/06/27 18:42:26");
    
     script_cve_id("CVE-2002-1165", "CVE-2002-1337");
     script_bugtraq_id(5845);
     script_xref(name:"RHSA", value:"2003:073-06");
     script_xref(name:"SuSE", value:"SUSE-SA:2003:023");
    
     script_name(english:"Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)");
     script_summary(english:"Checks sendmail's version number");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application that is affected by multiple
    vulnerabilities.");
     script_set_attribute(attribute:"description", value:
    "smrsh (supplied by Sendmail) is designed to prevent the execution of
    commands outside of the restricted environment.  However, when
    commands are entered using either double pipes (||) or a mixture of
    dot and slash characters, a user may be able to bypass the checks
    performed by smrsh.  This can lead to the execution of commands
    outside of the restricted environment. 
    
    In addition, a function in headers.c does not properly sanitize input
    supplied via the 'Address Field' causing an exploitable buffer
    overflow condition.  However, Nessus has not checked for this.");
     script_set_attribute(attribute:"solution", value:"Upgrade to Sendmail 8.12.8 or later.");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
     script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/05");
     script_set_attribute(attribute:"vuln_publication_date", value:"2002/10/01");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_end_attributes();
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2003-2018 StrongHoldNet");
     
     script_family(english:"SMTP problems");
     script_dependencie("find_service1.nasl", "smtpserver_detect.nasl");
     script_require_ports("Services/smtp", 25);
     script_require_keys("SMTP/sendmail");
     exit(0);
    }
    
    #
    # The script code starts here
    #
    
    include("smtp_func.inc");
    
    port = get_kb_item("Services/smtp");
    if(!port) port = 25;
    
    banner = get_smtp_banner(port:port);
    
    if(banner)
    {
     if(egrep(pattern:"Sendmail.*[^/](8\.8\.[89]|8\.9\..*|8\.1[01]\..*|8\.12\.[0-7][^0-9])/", string:banner))
            security_hole(port);
    }
    
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_35484.NASL
    description: s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26134
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26134
    title: HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_35484. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26134);
      script_version("1.23");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
      script_bugtraq_id(6991);
      script_xref(name:"CERT-CC", value:"2003-07");
      script_xref(name:"CERT-CC", value:"2003-12");
      script_xref(name:"CERT-CC", value:"2003-25");
      script_xref(name:"CERT", value:"834865");
      script_xref(name:"HP", value:"emr_na-c00629555");
      script_xref(name:"HP", value:"emr_na-c00841370");
      script_xref(name:"HP", value:"emr_na-c00958338");
      script_xref(name:"HP", value:"emr_na-c00958571");
      script_xref(name:"HP", value:"emr_na-c01035741");
      script_xref(name:"HP", value:"HPSBUX00246");
      script_xref(name:"HP", value:"HPSBUX00253");
      script_xref(name:"HP", value:"HPSBUX00281");
      script_xref(name:"HP", value:"HPSBUX02108");
      script_xref(name:"HP", value:"HPSBUX02183");
      script_xref(name:"HP", value:"SSRT061133");
      script_xref(name:"HP", value:"SSRT061243");
      script_xref(name:"HP", value:"SSRT3469");
      script_xref(name:"HP", value:"SSRT3531");
      script_xref(name:"HP", value:"SSRT3631");
    
      script_name(english:"HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.11 sendmail(1M) 8.9.3 patch : 
    
    The remote HP-UX host is affected by multiple vulnerabilities :
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability
        could be exploited remotely to gain unauthorized
        privileged access. References: CERT/CC CA-2003-25,
        CAN-2003-0681. (HPSBUX00281 SSRT3631)
    
      - A vulnerability has been identified in sendmail which
        may allow a remote attacker to execute arbitrary code.
        References: CVE-2006-0058, US-CERT VU#834865.
        (HPSBUX02108 SSRT061133)
    
      - A potential security vulnerability has been identified
        with HP-UX sendmail, where the vulnerability may be
        exploited remotely to gain unauthorized access or create
        a denial of service (DoS). References: CERT CA-2003-12.
        (HPSBUX00253 SSRT3531)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail. This vulnerability could
        allow a remote user to cause a Denial of Service (DoS).
        (HPSBUX02183 SSRT061243)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability may
        be exploited remotely to gain unauthorized access and
        create a Denial of Service (DoS). References: CERT
        CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e44f628"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b715e4f4"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8ac166f8"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f41ededc"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6b002323"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_35484 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/12/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.11"))
    {
      exit(0, "The host is not affected since PHNE_35484 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_35484", "PHNE_35950", "PHNE_40393");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-028.NASL
    description: A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14012
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14012
    title: Mandrake Linux Security Advisory : sendmail (MDKSA-2003:028)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:028. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14012);
      script_version ("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2002-1337");
      script_xref(name:"CERT-CC", value:"CA-2003-07");
      script_xref(name:"CERT", value:"398025");
      script_xref(name:"MDKSA", value:"2003:028");
    
      script_name(english:"Mandrake Linux Security Advisory : sendmail (MDKSA-2003:028)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force
    that involves mail header manipulation that can result in a remote
    user gaining root access to the system running the vulnerable
    sendmail.
    
    Patches supplied by the sendmail development team have been applied to
    correct this issue. MandrakeSoft encourages all users who have chosen
    to use sendmail (as opposed to the default MTA, postfix) to upgrade to
    this version of sendmail immediately."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-cf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-8.11.0-4.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-cf-8.11.0-4.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-doc-8.11.0-4.2mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-8.11.6-4.4mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-cf-8.11.6-4.4mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-doc-8.11.6-4.4mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"sendmail-8.11.6-4.4mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"sendmail-cf-8.11.6-4.4mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"sendmail-doc-8.11.6-4.4mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-8.12.1-4.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-cf-8.12.1-4.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-devel-8.12.1-4.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-doc-8.12.1-4.2mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-8.12.6-3.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-cf-8.12.6-3.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-devel-8.12.6-3.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-doc-8.12.6-3.2mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IY40501.NASL
    description: The remote host is missing AIX Critical Security Patch number IY40501 (SECURITY: buffer overflow in sendmail). You should install this patch for your system to be up-to-date.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14612
    published: 2004-09-01
    reporter: This script is Copyright (C) 2004-2017 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14612
    title: AIX 5.1 : IY40501
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(14612);
     script_version ("$Revision: 1.14 $");
     script_cvs_date("$Date: 2017/04/27 13:33:46 $");
     script_cve_id("CVE-2002-1337");
     name["english"] = "AIX 5.1 : IY40501";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing AIX Critical Security Patch number IY40501
    (SECURITY: buffer overflow in sendmail).
    
    You should install this patch for your system to be up-to-date." );
     script_set_attribute(attribute:"solution", value:
    "http://www-912.ibm.com/eserver/support/fixes/" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/01");
     script_end_attributes();
    
     
     summary["english"] = "Check for patch IY40501"; 
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2017 Tenable Network Security, Inc.");
     family["english"] = "AIX Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/AIX/lslpp");
     exit(0);
    }
    
    
    
    include("aix.inc");
    
     if( aix_check_patch(release:"5.1", patch:"IY40501", package:"bos.net.tcp.client.5.1.0.39") < 0 ) 
       security_hole();
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-257.NASL
    description: Mark Dowd of ISS X-Force found a bug in the header parsing routines of sendmail: it could overflow a buffer when encountering addresses with very long comments. Since sendmail also parses headers when forwarding emails this vulnerability can hit mail-servers which do not deliver the email as well.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15094
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15094
    title: Debian DSA-257-1 : sendmail - remote exploit
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2003-074.NASL
    description: Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. [Updated March 18 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions. During a code audit of Sendmail by ISS, a critical vulnerability was uncovered that affects unpatched versions of Sendmail prior to version 8.12.8. A remote attacker can send a carefully crafted email message which, when processed by sendmail, causes arbitrary code to be executed as root. We are advised that a proof-of-concept exploit is known to exist, but is not believed to be in the wild. Since this is a message-based vulnerability, MTAs other than Sendmail may pass on the carefully crafted message. This means that unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly. All users are advised to update to these erratum packages which contain a backported patch to correct this vulnerability. Red Hat would like to thank Eric Allman for his assistance with this vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12372
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12372
    title: RHEL 2.1 : sendmail (RHSA-2003:074)

Oval

accepted: 2005-06-01T03:30:00.000-04:00
class: vulnerability
contributors:
  name: Brian Soby
  organization: The MITRE Corporation
description: Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
family: unix
id: oval:org.mitre.oval:def:2222
status: accepted
submitted: 2005-04-13T12:00:00.000-04:00
title: Sendmail Address Processor Buffer Overflow
version: 35

Redhat

advisories:
  • rhsa
    id: RHSA-2003:073
  • rhsa
    id: RHSA-2003:074
  • rhsa
    id: RHSA-2003:227