Critical

CVE-2003-0161 - Unspecified vulnerability in multiple products

Publication: 2003-04-02

Summary

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • SUN Sunos -
  • Sendmail Sendmail Switch 2.1
  • Sendmail Sendmail Switch 2.1.1
  • Sendmail Sendmail Switch 2.1.2
  • Sendmail Sendmail Switch 2.1.3
  • Sendmail Sendmail Switch 2.1.4
  • Sendmail Sendmail Switch 2.1.5
  • Sendmail Sendmail Switch 2.2
  • Sendmail Sendmail Switch 2.2.1
  • Sendmail Sendmail Switch 2.2.2
  • Sendmail Sendmail Switch 2.2.3
  • Sendmail Sendmail Switch 2.2.4
  • Sendmail Sendmail Switch 2.2.5
  • SUN Solaris 2.4
  • SUN Solaris 2.5
  • SUN Solaris 2.5.1
  • SUN Solaris 2.6
  • Sendmail Sendmail 2.6
  • Sendmail Sendmail 2.6.1
  • Sendmail Sendmail 2.6.2
  • Sendmail Sendmail Switch 3.0
  • Sendmail Sendmail 3.0
  • Sendmail Sendmail Switch 3.0.1
  • Sendmail Sendmail 3.0.1
  • Sendmail Sendmail 3.0.2
  • Sendmail Sendmail Switch 3.0.2
  • Sendmail Sendmail 3.0.3
  • Sendmail Sendmail Switch 3.0.3
  • Compaq Tru64 5.0
  • Compaq Tru64 5.1
  • SUN Sunos 5.4
  • SUN Sunos 5.5
  • SUN Sunos 5.5.1
  • SUN Sunos 5.7
  • Compaq Tru64 5.1b_pk1_bl1
  • Compaq Tru64 5.1b
  • Compaq Tru64 5.1a_pk3_bl3
  • Compaq Tru64 5.1a_pk2_bl2
  • Compaq Tru64 5.1a_pk1_bl1
  • Compaq Tru64 5.1a
  • Compaq Tru64 5.1_pk6_bl20
  • Compaq Tru64 5.1_pk5_bl19
  • Compaq Tru64 5.1_pk4_bl18
  • Compaq Tru64 5.1_pk3_bl17
  • SUN Sunos 5.8
  • Compaq Tru64 5.0f
  • Compaq Tru64 5.0a_pk3_bl17
  • Compaq Tru64 5.0a
  • Compaq Tru64 5.0_pk4_bl18
  • Compaq Tru64 5.0_pk4_bl17
  • Compaq Tru64 4.0b
  • Compaq Tru64 4.0d
  • Compaq Tru64 4.0d_pk9_bl17
  • Compaq Tru64 4.0f
  • HP SIS
  • Compaq Tru64 4.0f_pk7_bl18
  • Compaq Tru64 4.0g
  • Compaq Tru64 4.0g_pk3_bl17
  • Sendmail Sendmail 8.12.8
  • Compaq Tru64 4.0f_pk6_bl17
  • Sendmail Sendmail 8.12.6
  • Sendmail Sendmail 8.12.5
  • Sendmail Sendmail 8.12.4
  • Sendmail Sendmail 8.12.3
  • Sendmail Sendmail 8.12.2
  • Sendmail Sendmail 8.12.1
  • Sendmail Sendmail 8.12.0
  • Sendmail Sendmail 8.12
  • Sendmail Sendmail 8.11.6
  • Sendmail Sendmail 8.11.5
  • Sendmail Sendmail 8.11.4
  • HP HP-UX 10.00
  • HP HP-UX 10.01
  • HP HP-UX 10.08
  • HP HP-UX 10.09
  • HP HP-UX 10.10
  • HP HP-UX 10.16
  • HP HP-UX 10.20
  • HP HP-UX 10.24
  • HP HP-UX 10.26
  • Sendmail Sendmail 8.12.7
  • HP HP-UX 10.34
  • HP HP-UX 11.00
  • HP HP-UX 11.0.4
  • HP HP-UX 11.11
  • HP HP-UX 11.20
  • HP HP-UX 11.22
  • HP HP-UX Series 700 10.20
  • HP HP-UX Series 800 10.20
  • Sendmail Sendmail 8.11.3
  • Sendmail Sendmail 8.11.2
  • Sendmail Sendmail 8.11.1
  • Sendmail Sendmail 8.11.0
  • Sendmail Sendmail 8.10.2
  • Sendmail Sendmail 8.10.1
  • SUN Solaris 7.0
  • SUN Solaris 8.0
  • SUN Solaris 9.0
  • Sendmail Sendmail 8.10
  • Sendmail Sendmail 8.9.3
  • Sendmail Sendmail 8.9.2
  • Sendmail Sendmail 8.9.1
  • Sendmail Sendmail 8.9.0
  • HP HP-UX 10.30