Vulnerabilities > CVE-2003-0681 - Buffer Overflow vulnerability in Sendmail Ruleset Parsing
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Vulnerable Configurations
Exploit-Db
| description | Sendmail 8.12.9 Prescan() Variant Remote Buffer Overrun Vulnerability. CVE-2003-0681. Local exploit for linux platform |
| id | EDB-ID:23154 |
| last seen | 2016-02-02 |
| modified | 2003-09-17 |
| published | 2003-09-17 |
| reporter | Gyan Chawdhary |
| source | https://www.exploit-db.com/download/23154/ |
| title | Sendmail 8.12.9 Prescan Variant Remote Buffer Overrun Vulnerability |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_35483.NASL description s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) last seen 2020-06-01 modified 2020-06-02 plugin id 26133 published 2007-09-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26133 title HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_35483. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26133); script_version("1.22"); script_cvs_date("Date: 2019/07/10 16:04:13"); script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246"); script_bugtraq_id(6991); script_xref(name:"CERT-CC", value:"2003-07"); script_xref(name:"CERT-CC", value:"2003-12"); script_xref(name:"CERT-CC", value:"2003-25"); script_xref(name:"CERT", value:"834865"); script_xref(name:"HP", value:"emr_na-c00629555"); script_xref(name:"HP", value:"emr_na-c00841370"); script_xref(name:"HP", value:"emr_na-c00958338"); script_xref(name:"HP", value:"emr_na-c00958571"); script_xref(name:"HP", value:"emr_na-c01035741"); script_xref(name:"HP", value:"HPSBUX00246"); script_xref(name:"HP", value:"HPSBUX00253"); script_xref(name:"HP", value:"HPSBUX00281"); script_xref(name:"HP", value:"HPSBUX02108"); script_xref(name:"HP", value:"HPSBUX02183"); script_xref(name:"HP", value:"SSRT061133"); script_xref(name:"HP", value:"SSRT061243"); script_xref(name:"HP", value:"SSRT3469"); script_xref(name:"HP", value:"SSRT3531"); script_xref(name:"HP", value:"SSRT3631"); script_name(english:"HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7e44f628" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b715e4f4" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8ac166f8" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f41ededc" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6b002323" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_35483 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_35483 applies to a different OS release."); } patches = make_list("PHNE_35483"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_29912.NASL description s700_800 11.22 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. last seen 2020-06-01 modified 2020-06-02 plugin id 16855 published 2005-02-16 reporter This script is Copyright (C) 2005-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16855 title HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_29912. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16855); script_version("$Revision: 1.16 $"); script_cvs_date("$Date: 2015/01/14 15:43:28 $"); script_cve_id("CVE-2003-0681", "CVE-2003-0694"); script_xref(name:"CERT-CC", value:"2003-25"); script_xref(name:"HP", value:"emr_na-c01035741"); script_xref(name:"HP", value:"HPSBUX00281"); script_xref(name:"HP", value:"SSRT3631"); script_name(english:"HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.22 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8ac166f8" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_29912 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2003/12/16"); script_set_attribute(attribute:"patch_modification_date", value:"2007/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.22")) { exit(0, "The host is not affected since PHNE_29912 applies to a different OS release."); } patches = make_list("PHNE_29912"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.22")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.22")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_30224.NASL description s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. last seen 2020-06-01 modified 2020-06-02 plugin id 16704 published 2005-02-16 reporter This script is Copyright (C) 2005-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16704 title HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-384.NASL description Two vulnerabilities were reported in sendmail. - CAN-2003-0681 : A last seen 2020-06-01 modified 2020-06-02 plugin id 15221 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15221 title Debian DSA-384-1 : sendmail - buffer overflows NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_35485.NASL description s700_800 11.23 sendmail(1M) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) last seen 2020-06-01 modified 2020-06-02 plugin id 26135 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26135 title HP-UX PHNE_35485 : s700_800 11.23 sendmail(1M) 8.11.1 patch NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_35484.NASL description s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) last seen 2020-06-01 modified 2020-06-02 plugin id 26134 published 2007-09-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26134 title HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-092.NASL description A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CVE-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer- specific envelope recipients rulesets are use. This problem was discovered by Timo Sirainen (CVE-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. last seen 2020-06-01 modified 2020-06-02 plugin id 14074 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14074 title Mandrake Linux Security Advisory : sendmail (MDKSA-2003:092) NASL family SMTP problems NASL id SENDMAIL_PRESCAN_OVERFLOW.NASL description According to its version number, the remote Sendmail server is between 5.79 to 8.12.9. Such versions are reportedly vulnerable to remote buffer overflow attacks, one in the last seen 2020-06-01 modified 2020-06-02 plugin id 11838 published 2003-09-17 reporter This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/11838 title Sendmail < 8.12.10 prescan() Function Remote Overflow
Oval
accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation description A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. family unix id oval:org.mitre.oval:def:3606 status accepted submitted 2004-10-12T12:26:00.000-04:00 title Sendmail Ruleset Parsing Buffer Overflow version 35 accepted 2010-09-20T04:00:31.385-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Jay Beale organization Bastille Linux name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation
description A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. family unix id oval:org.mitre.oval:def:595 status accepted submitted 2003-09-21T12:00:00.000-04:00 title Potential BO in Ruleset Parsing for Sendmail version 41
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
- http://marc.info/?l=bugtraq&m=106383437615742&w=2
- http://marc.info/?l=bugtraq&m=106398718909274&w=2
- http://www.debian.org/security/2003/dsa-384
- http://www.kb.cert.org/vuls/id/108964
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
- http://www.redhat.com/support/errata/RHSA-2003-283.html
- http://www.securityfocus.com/bid/8649
- http://www.sendmail.org/8.12.10.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13216
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595