CVE-2002-1337 - Classic Buffer Overflow vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
- description: Sendmail 8.11.x Exploit (i386-Linux). CVE-2002-1337. Local exploit for linux platform
  id: EDB-ID:411
  last seen: 2016-01-31
  modified: 2001-01-01
  published: 2001-01-01
  reporter: sd
  source: https://www.exploit-db.com/download/411/
  title: Sendmail 8.11.x - Exploit i386-Linux
- description: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (2). CVE-2002-1337. Remote exploit for unix platform
  id: EDB-ID:22314
  last seen: 2016-02-02
  modified: 2003-03-02
  published: 2003-03-02
  reporter: bysin
  source: https://www.exploit-db.com/download/22314/
  title: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability 2
- description: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (1). CVE-2002-1337. Remote exploit for unix platform
  id: EDB-ID:22313
  last seen: 2016-02-02
  modified: 2003-03-02
  published: 2003-03-02
  reporter: Last Stage of Delirium
  source: https://www.exploit-db.com/download/22313/
  title: Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability 1
Nessus
NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_35483.NASL
description: s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
  - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 26133
published: 2007-09-25
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/26133
title: HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHNE_35483. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(26133);
  script_version("1.22");
  script_cvs_date("Date: 2019/07/10 16:04:13");

  script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
  script_bugtraq_id(6991);
  script_xref(name:"CERT-CC", value:"2003-07");
  script_xref(name:"CERT-CC", value:"2003-12");
  script_xref(name:"CERT-CC", value:"2003-25");
  script_xref(name:"CERT", value:"834865");
  script_xref(name:"HP", value:"emr_na-c00629555");
  script_xref(name:"HP", value:"emr_na-c00841370");
  script_xref(name:"HP", value:"emr_na-c00958338");
  script_xref(name:"HP", value:"emr_na-c00958571");
  script_xref(name:"HP", value:"emr_na-c01035741");
  script_xref(name:"HP", value:"HPSBUX00246");
  script_xref(name:"HP", value:"HPSBUX00253");
  script_xref(name:"HP", value:"HPSBUX00281");
  script_xref(name:"HP", value:"HPSBUX02108");
  script_xref(name:"HP", value:"HPSBUX02183");
  script_xref(name:"HP", value:"SSRT061133");
  script_xref(name:"HP", value:"SSRT061243");
  script_xref(name:"HP", value:"SSRT3469");
  script_xref(name:"HP", value:"SSRT3531");
  script_xref(name:"HP", value:"SSRT3631");

  script_name(english:"HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"s700_800 11.00 sendmail(1M) 8.9.3 patch :

The remote HP-UX host is affected by multiple vulnerabilities :

  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

  - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)

  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)

  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e44f628"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b715e4f4"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8ac166f8"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f41ededc"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6b002323"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHNE_35483 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/01/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
  script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("hpux.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.00"))
{
  exit(0, "The host is not affected since PHNE_35483 applies to a different OS release.");
}

patches = make_list("PHNE_35483");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}

flag = 0;
if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++;
if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_29526.NASL
description: s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 16898
published: 2005-02-16
reporter: This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16898
title: HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHNE_29526. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(16898);
  script_version("$Revision: 1.18 $");
  script_cvs_date("$Date: 2017/04/27 13:33:46 $");

  script_cve_id("CVE-2002-1337", "CVE-2003-0161");
  script_bugtraq_id(6991);
  script_xref(name:"CERT-CC", value:"2003-07");
  script_xref(name:"CERT-CC", value:"2003-12");
  script_xref(name:"HP", value:"emr_na-c00958338");
  script_xref(name:"HP", value:"emr_na-c00958571");
  script_xref(name:"HP", value:"HPSBUX00246");
  script_xref(name:"HP", value:"HPSBUX00253");
  script_xref(name:"HP", value:"SSRT3469");
  script_xref(name:"HP", value:"SSRT3531");

  script_name(english:"HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch :

The remote HP-UX host is affected by multiple vulnerabilities :

  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e44f628"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b715e4f4"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHNE_29526 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/08/14");
  script_set_attribute(attribute:"patch_modification_date", value:"2007/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("hpux.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.04"))
{
  exit(0, "The host is not affected since PHNE_29526 applies to a different OS release.");
}

patches = make_list("PHNE_29526", "PHNE_30224", "PHNE_34927", "PHNE_35314");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}

flag = 0;
if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.04")) flag++;
if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.04")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family: SMTP problems
NASL id: SENDMAIL_HEADER.NASL
description: The remote Sendmail server, according to its version number, may be affected by a remote buffer overflow allowing remote users to gain root privileges. Sendmail versions from 5.79 to 8.12.7 are affected.
  *** Nessus reports this vulnerability using only
  *** the banner of the remote SMTP server. Therefore,
  *** this might be a false positive.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11316
published: 2003-03-03
reporter: This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/11316
title: Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow
code:

#
# (C) Tenable Network Security, Inc.
# Original script by Michael Scheidell SECNAP Network Security
#
# Changes by Tenable:
# - Revised plugin titles, output formatting, remove unrelated VDB refs, remove invalid see also link (9/14/09)
# - Updated to use compat.inc, added CVSS score (11/20/2009)
# - Update dependencies (7/23/2018)
# - rewritten by Tenable (7/24/2018)

include("compat.inc");

if (description)
{
  script_id(11316);
  script_version("1.44");
  script_cvs_date("Date: 2018/09/17 21:46:53");

  script_cve_id("CVE-2002-1337");
  script_bugtraq_id(6991);
  script_xref(name:"CERT-CC", value:"CA-2003-07");
  script_xref(name:"CERT", value:"398025");

  script_name(english:"Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow");
  script_summary(english:"Checks the version number");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Sendmail server, according to its version number, may be affected by a remote buffer overflow allowing remote users to gain root privileges.

Sendmail versions from 5.79 to 8.12.7 are affected.

*** Nessus reports this vulnerability using only
*** the banner of the remote SMTP server. Therefore,
*** this might be a false positive.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Sendmail version 8.12.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2002-1337");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"see_also", value:"http://www.sendmail.org/patchcr.html");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SMTP problems");

  script_dependencies("sendmail_detect.nbin");
  script_require_keys("installed_sw/Sendmail");

  exit(0);
}

include("vcf.inc");

app_info = vcf::get_app_info(app:"Sendmail");

constraints = [{ "min_version" : "5.79", "fixed_version" : "8.12.8" }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_28409.NASL
description: s700_800 11.22 sendmail(1m) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code.
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 16634
published: 2005-02-16
reporter: This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16634
title: HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHNE_28409. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(16634);
  script_version("$Revision: 1.16 $");
  script_cvs_date("$Date: 2017/04/27 13:33:46 $");

  script_cve_id("CVE-2002-1337", "CVE-2003-0161");
  script_bugtraq_id(6991);
  script_xref(name:"CERT-CC", value:"2003-07");
  script_xref(name:"CERT-CC", value:"2003-12");
  script_xref(name:"HP", value:"emr_na-c00958338");
  script_xref(name:"HP", value:"emr_na-c00958571");
  script_xref(name:"HP", value:"HPSBUX00246");
  script_xref(name:"HP", value:"HPSBUX00253");
  script_xref(name:"HP", value:"HPSBUX0212");
  script_xref(name:"HP", value:"SSRT2432");
  script_xref(name:"HP", value:"SSRT3469");
  script_xref(name:"HP", value:"SSRT3531");

  script_name(english:"HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"s700_800 11.22 sendmail(1m) 8.11.1 patch :

The remote HP-UX host is affected by multiple vulnerabilities :

  - Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code.

  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e44f628"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b715e4f4"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHNE_28409 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/07/11");
  script_set_attribute(attribute:"patch_modification_date", value:"2005/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("hpux.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.22"))
{
  exit(0, "The host is not affected since PHNE_28409 applies to a different OS release.");
}

patches = make_list("PHNE_28409", "PHNE_29912");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}

flag = 0;
if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.22")) flag++;
if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.22")) flag++;
if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family: SMTP problems
NASL id: SHN_SENDMAIL_DOUBLEPIPE.NASL
description: smrsh (supplied by Sendmail) is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (||) or a mixture of dot and slash characters, a user may be able to bypass the checks performed by smrsh. This can lead to the execution of commands outside of the restricted environment. In addition, a function in headers.c does not properly sanitize input supplied via the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11321
published: 2003-03-05
reporter: This script is Copyright (C) 2003-2018 StrongHoldNet
source: https://www.tenable.com/plugins/nessus/11321
title: Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)
code:

#
# This script was written by Vincent Renardias <[email protected]>
#
# Licence: GPLv2
#
# Changes by Tenable:
# - Revised description (1/22/2009)
# - Updated to use compat.inc, added CVSS score (11/20/2009)

include("compat.inc");

if(description)
{
  script_id(11321);
  script_version ("1.25");
  script_cvs_date("Date: 2018/06/27 18:42:26");

  script_cve_id("CVE-2002-1165", "CVE-2002-1337");
  script_bugtraq_id(5845);
  script_xref(name:"RHSA", value:"2003:073-06");
  script_xref(name:"SuSE", value:"SUSE-SA:2003:023");

  script_name(english:"Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)");
  script_summary(english:"Checks sendmail's version number");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"smrsh (supplied by Sendmail) is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (||) or a mixture of dot and slash characters, a user may be able to bypass the checks performed by smrsh. This can lead to the execution of commands outside of the restricted environment.

In addition, a function in headers.c does not properly sanitize input supplied via the 'Address Field' causing an exploitable buffer overflow condition. However, Nessus has not checked for this.");
  script_set_attribute(attribute:"solution", value:"Upgrade to Sendmail 8.12.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/05");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/10/01");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 StrongHoldNet");
  script_family(english:"SMTP problems");

  script_dependencie("find_service1.nasl", "smtpserver_detect.nasl");
  script_require_ports("Services/smtp", 25);
  script_require_keys("SMTP/sendmail");

  exit(0);
}

#
# The script code starts here
#

include("smtp_func.inc");

port = get_kb_item("Services/smtp");
if(!port) port = 25;

banner = get_smtp_banner(port:port);
if(banner)
{
  if(egrep(pattern:"Sendmail.*[^/](8\.8\.[89]|8\.9\..*|8\.1[01]\..*|8\.12\.[0-7][^0-9])/", string:banner))
    security_hole(port);
}

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_35484.NASL
description: s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
  - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 26134
published: 2007-09-25
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/26134
title: HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHNE_35484. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(26134);
  script_version("1.23");
  script_cvs_date("Date: 2019/07/10 16:04:13");

  script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
  script_bugtraq_id(6991);
  script_xref(name:"CERT-CC", value:"2003-07");
  script_xref(name:"CERT-CC", value:"2003-12");
  script_xref(name:"CERT-CC", value:"2003-25");
  script_xref(name:"CERT", value:"834865");
  script_xref(name:"HP", value:"emr_na-c00629555");
  script_xref(name:"HP", value:"emr_na-c00841370");
  script_xref(name:"HP", value:"emr_na-c00958338");
  script_xref(name:"HP", value:"emr_na-c00958571");
  script_xref(name:"HP", value:"emr_na-c01035741");
  script_xref(name:"HP", value:"HPSBUX00246");
  script_xref(name:"HP", value:"HPSBUX00253");
  script_xref(name:"HP", value:"HPSBUX00281");
  script_xref(name:"HP", value:"HPSBUX02108");
  script_xref(name:"HP", value:"HPSBUX02183");
  script_xref(name:"HP", value:"SSRT061133");
  script_xref(name:"HP", value:"SSRT061243");
  script_xref(name:"HP", value:"SSRT3469");
  script_xref(name:"HP", value:"SSRT3531");
  script_xref(name:"HP", value:"SSRT3631");

  script_name(english:"HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"s700_800 11.11 sendmail(1M) 8.9.3 patch :

The remote HP-UX host is affected by multiple vulnerabilities :

  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)

  - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)

  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)

  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e44f628"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b715e4f4"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8ac166f8"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f41ededc"
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6b002323"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHNE_35484 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
  script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHNE_35484 applies to a different OS release."); } patches = make_list("PHNE_35484", "PHNE_35950", "PHNE_40393"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2003-028.NASL
- description: A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14012
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14012
- title: Mandrake Linux Security Advisory : sendmail (MDKSA-2003:028)
- code:

```
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:028.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(14012);
  script_version ("1.22");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2002-1337");
  script_xref(name:"CERT-CC", value:"CA-2003-07");
  script_xref(name:"CERT", value:"398025");
  script_xref(name:"MDKSA", value:"2003:028");

  script_name(english:"Mandrake Linux Security Advisory : sendmail (MDKSA-2003:028)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-cf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-8.11.0-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-cf-8.11.0-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sendmail-doc-8.11.0-4.2mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-8.11.6-4.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-cf-8.11.6-4.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sendmail-doc-8.11.6-4.4mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"sendmail-8.11.6-4.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"sendmail-cf-8.11.6-4.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"sendmail-doc-8.11.6-4.4mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-8.12.1-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-cf-8.12.1-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-devel-8.12.1-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"sendmail-doc-8.12.1-4.2mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-8.12.6-3.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-cf-8.12.6-3.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-devel-8.12.6-3.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"sendmail-doc-8.12.6-3.2mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: AIX Local Security Checks
- NASL id: AIX_IY40501.NASL
- description: The remote host is missing AIX Critical Security Patch number IY40501 (SECURITY: buffer overflow in sendmail). You should install this patch for your system to be up-to-date.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14612
- published: 2004-09-01
- reporter: This script is Copyright (C) 2004-2017 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14612
- title: AIX 5.1 : IY40501
- code:

```
#
# (C) Tenable Network Security, Inc.
#
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
  script_id(14612);
  script_version ("$Revision: 1.14 $");
  script_cvs_date("$Date: 2017/04/27 13:33:46 $");

  script_cve_id("CVE-2002-1337");

  name["english"] = "AIX 5.1 : IY40501";
  script_name(english:name["english"]);

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
  script_set_attribute(attribute:"description", value:
"The remote host is missing AIX Critical Security Patch number IY40501 (SECURITY: buffer overflow in sendmail). You should install this patch for your system to be up-to-date." );
  script_set_attribute(attribute:"solution", value:
"http://www-912.ibm.com/eserver/support/fixes/" );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/01");
  script_end_attributes();

  summary["english"] = "Check for patch IY40501";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2004-2017 Tenable Network Security, Inc.");
  family["english"] = "AIX Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp");
  exit(0);
}

include("aix.inc");

if( aix_check_patch(release:"5.1", patch:"IY40501", package:"bos.net.tcp.client.5.1.0.39") < 0 )
  security_hole();
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-257.NASL
- description: Mark Dowd of ISS X-Force found a bug in the header parsing routines of sendmail: it could overflow a buffer when encountering addresses with very long comments. Since sendmail also parses headers when forwarding emails, this vulnerability can hit mail servers which do not deliver the email as well.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15094
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15094
- title: Debian DSA-257-1 : sendmail - remote exploit

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2003-074.NASL
- description: Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. [Updated March 18 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions. During a code audit of Sendmail by ISS, a critical vulnerability was uncovered that affects unpatched versions of Sendmail prior to version 8.12.8. A remote attacker can send a carefully crafted email message which, when processed by sendmail, causes arbitrary code to be executed as root. We are advised that a proof-of-concept exploit is known to exist, but is not believed to be in the wild. Since this is a message-based vulnerability, MTAs other than Sendmail may pass on the carefully crafted message. This means that unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly. All users are advised to update to these erratum packages which contain a backported patch to correct this vulnerability. Red Hat would like to thank Eric Allman for his assistance with this vulnerability.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12372
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12372
- title: RHEL 2.1 : sendmail (RHSA-2003:074)

Oval
accepted | 2005-06-01T03:30:00.000-04:00
class | vulnerability
contributors |
description | Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
family | unix
id | oval:org.mitre.oval:def:2222
status | accepted
submitted | 2005-04-13T12:00:00.000-04:00
title | Sendmail Address Processor Buffer Overflow
version | 35
References
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
- http://www.sendmail.org/8.12.8.html
- http://www.cert.org/advisories/CA-2003-07.html
- http://www.securityfocus.com/bid/6991
- http://www.redhat.com/support/errata/RHSA-2003-073.html
- http://www.redhat.com/support/errata/RHSA-2003-074.html
- http://www.redhat.com/support/errata/RHSA-2003-227.html
- ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
- http://www.debian.org/security/2003/dsa-257
- ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
- ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
- http://www.kb.cert.org/vuls/id/398025
- http://www.iss.net/security_center/static/10748.php
- http://marc.info/?l=bugtraq&m=104679411316818&w=2
- http://marc.info/?l=bugtraq&m=104678739608479&w=2
- http://marc.info/?l=bugtraq&m=104678862109841&w=2
- http://marc.info/?l=bugtraq&m=104673778105192&w=2
- http://marc.info/?l=bugtraq&m=104678862409849&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222