CVE-2003-0694
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Vulnerable Configurations
Metasploit
description | This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution. |
id | MSF:AUXILIARY/DOS/SMTP/SENDMAIL_PRESCAN |
last seen | 2020-05-22 |
modified | 2017-11-08 |
published | 2009-09-12 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/smtp/sendmail_prescan.rb |
title | Sendmail SMTP Address prescan Memory Corruption |
Nessus
NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_35483.NASL |
description | s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26133 |
published | 2007-09-25 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/26133 |
title | HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were
    # extracted from HP patch PHNE_35483. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #

    include("compat.inc");

    if (description)
    {
      script_id(26133);
      script_version("1.22");
      script_cvs_date("Date: 2019/07/10 16:04:13");

      script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
      script_bugtraq_id(6991);
      script_xref(name:"CERT-CC", value:"2003-07");
      script_xref(name:"CERT-CC", value:"2003-12");
      script_xref(name:"CERT-CC", value:"2003-25");
      script_xref(name:"CERT", value:"834865");
      script_xref(name:"HP", value:"emr_na-c00629555");
      script_xref(name:"HP", value:"emr_na-c00841370");
      script_xref(name:"HP", value:"emr_na-c00958338");
      script_xref(name:"HP", value:"emr_na-c00958571");
      script_xref(name:"HP", value:"emr_na-c01035741");
      script_xref(name:"HP", value:"HPSBUX00246");
      script_xref(name:"HP", value:"HPSBUX00253");
      script_xref(name:"HP", value:"HPSBUX00281");
      script_xref(name:"HP", value:"HPSBUX02108");
      script_xref(name:"HP", value:"HPSBUX02183");
      script_xref(name:"HP", value:"SSRT061133");
      script_xref(name:"HP", value:"SSRT061243");
      script_xref(name:"HP", value:"SSRT3469");
      script_xref(name:"HP", value:"SSRT3531");
      script_xref(name:"HP", value:"SSRT3631");

      script_name(english:"HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch");
      script_summary(english:"Checks for the patch in the swlist output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "s700_800 11.00 sendmail(1M) 8.9.3 patch :

    The remote HP-UX host is affected by multiple vulnerabilities :

      - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

      - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)

      - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)

      - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)

      - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e44f628"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b715e4f4"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8ac166f8"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f41ededc"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6b002323"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Install patch PHNE_35483 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"HP-UX Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHNE_35483 applies to a different OS release.");
    }

    patches = make_list("PHNE_35483");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }

    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2003-284.NASL |
description | Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent (MTA) and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan() function of Sendmail versions prior to and including 8.12.9. The successful exploitation of this bug can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0694 to this issue. All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities. Red Hat would like to thank Michal Zalewski for finding and reporting this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12422 |
published | 2004-07-06 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/12422 |
title | RHEL 2.1 : sendmail (RHSA-2003:284) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2003:284. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(12422);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:10");

      script_cve_id("CVE-2003-0694");
      script_xref(name:"RHSA", value:"2003:284");

      script_name(english:"RHEL 2.1 : sendmail (RHSA-2003:284)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available.

    Sendmail is a widely used Mail Transport Agent (MTA) and is included in all Red Hat Enterprise Linux distributions.

    There is a bug in the prescan() function of Sendmail versions prior to and including 8.12.9. The sucessful exploitation of this bug can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0694 to this issue.

    All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities.

    Red Hat would like to thank Michal Zalewski for finding and reporting this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0694"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:284"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-cf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

      script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2003:284";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-8.11.6-28.72")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-cf-8.11.6-28.72")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-devel-8.11.6-28.72")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-doc-8.11.6-28.72")) flag++;

      if (flag)
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sendmail / sendmail-cf / sendmail-devel / sendmail-doc");
      }
    }

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2003_040.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2003:040 (sendmail, sendmail-tls). sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SUSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SUSE products up to and including SUSE LINUX 8.0 and the SUSE LINUX Enterprise Server 7. The vulnerability discovered is known as the prescan()-bug and is not related to the vulnerability found and fixed in April 2003. The error in the code can cause heap or stack memory to be overwritten, triggered by (but not limited to) functions that parse header addresses. There is no known workaround for this vulnerability other than using a different MTA. The vulnerability is triggered by an email message sent through the sendmail MTA subsystem. In that respect, it is different from commonly known bugs that occur in the context of an open TCP connection. By consequence, the vulnerability also exists if email messages get forwarded over a relay that itself does not run a vulnerable MTA. This specific detail and the wide distribution of sendmail in the internet causes this vulnerability to be considered a flaw of major severity. We recommend to install the update packages that are provided for download at the locations listed below. We thank Michal Zalewski who discovered this vulnerability and the friendly people from Sendmail Inc (Claus Assmann) who have communicated problem to SUSE Security. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13808 |
published | 2004-07-25 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13808 |
title | SUSE-SA:2003:040: sendmail, sendmail-tls |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:040
    #

    if ( ! defined_func("bn_random") ) exit(0);

    include("compat.inc");

    if(description)
    {
      script_id(13808);
      script_bugtraq_id(8641);
      script_version ("1.21");
      script_cve_id("CVE-2003-0694");

      name["english"] = "SUSE-SA:2003:040: sendmail, sendmail-tls";

      script_name(english:name["english"]);

      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
      script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2003:040 (sendmail, sendmail-tls).

    sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SUSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SUSE products up to and including SUSE LINUX 8.0 and the SUSE LINUX Enterprise Server 7.

    The vulnerability discovered is known as the prescan()-bug and is not related to the vulnerability found and fixed in April 2003. The error in the code can cause heap or stack memory to be overwritten, triggered by (but not limited to) functions that parse header addresses.

    There is no known workaround for this vulnerability other than using a different MTA. The vulnerability is triggered by an email message sent through the sendmail MTA subsystem. In that respect, it is different from commonly known bugs that occur in the context of an open TCP connection. By consequence, the vulnerability also exists if email messages get forwarded over a relay that itself does not run a vulnerable MTA. This specific detail and the wide distribution of sendmail in the internet causes this vulnerability to be considered a flaw of major severity. We recommend to install the update packages that are provided for download at the locations listed below.

    We thank Michal Zalewski who discovered this vulnerability and the friendly people from Sendmail Inc (Claus Assmann) who have communicated problem to SUSE Security.

    Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update." );
      script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2003_040_sendmail.html" );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
      script_cvs_date("Date: 2019/10/25 13:36:27");
      script_end_attributes();

      summary["english"] = "Check for the version of the sendmail, sendmail-tls package";
      script_summary(english:summary["english"]);

      script_category(ACT_GATHER_INFO);

      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      family["english"] = "SuSE Local Security Checks";
      script_family(english:family["english"]);

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/SuSE/rpm-list");
      exit(0);
    }

    include("rpm.inc");

    if ( rpm_check( reference:"sendmail-8.11.3-112", release:"SUSE7.2") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-tls-8.11.3-116", release:"SUSE7.2") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.11.6-167", release:"SUSE7.3") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-tls-8.11.6-169", release:"SUSE7.3") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.12.3-78", release:"SUSE8.0") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-devel-8.12.3-78", release:"SUSE8.0") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.12.6-159", release:"SUSE8.1") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-devel-8.12.6-159", release:"SUSE8.1") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.12.7-77", release:"SUSE8.2") )
    {
      security_hole(0);
      exit(0);
    }
    if ( rpm_check( reference:"sendmail-devel-8.12.7-77", release:"SUSE8.2") )
    {
      security_hole(0);
      exit(0);
    }
    if (rpm_exists(rpm:"sendmail-", release:"SUSE7.2")
     || rpm_exists(rpm:"sendmail-", release:"SUSE7.3")
     || rpm_exists(rpm:"sendmail-", release:"SUSE8.0")
     || rpm_exists(rpm:"sendmail-", release:"SUSE8.1")
     || rpm_exists(rpm:"sendmail-", release:"SUSE8.2") )
    {
      set_kb_item(name:"CVE-2003-0694", value:TRUE);
    }

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_29912.NASL |
description | s700_800 11.22 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16855 |
published | 2005-02-16 |
reporter | This script is Copyright (C) 2005-2015 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16855 |
title | HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were
    # extracted from HP patch PHNE_29912. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #

    include("compat.inc");

    if (description)
    {
      script_id(16855);
      script_version("$Revision: 1.16 $");
      script_cvs_date("$Date: 2015/01/14 15:43:28 $");

      script_cve_id("CVE-2003-0681", "CVE-2003-0694");
      script_xref(name:"CERT-CC", value:"2003-25");
      script_xref(name:"HP", value:"emr_na-c01035741");
      script_xref(name:"HP", value:"HPSBUX00281");
      script_xref(name:"HP", value:"SSRT3631");

      script_name(english:"HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)");
      script_summary(english:"Checks for the patch in the swlist output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "s700_800 11.22 sendmail(1m) 8.11.1 patch :

    A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8ac166f8"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Install patch PHNE_29912 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

      script_set_attribute(attribute:"patch_publication_date", value:"2003/12/16");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

    if (!hpux_check_ctx(ctx:"11.22"))
    {
      exit(0, "The host is not affected since PHNE_29912 applies to a different OS release.");
    }

    patches = make_list("PHNE_29912");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }

    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.22")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.22")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_30224.NASL |
description | s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16704 |
published | 2005-02-16 |
reporter | This script is Copyright (C) 2005-2015 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16704 |
title | HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-384.NASL |
description | Two vulnerabilities were reported in sendmail. - CAN-2003-0681 : A |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15221 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15221 |
title | Debian DSA-384-1 : sendmail - buffer overflows |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_35485.NASL |
description | s700_800 11.23 sendmail(1M) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26135 |
published | 2007-09-25 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/26135 |
title | HP-UX PHNE_35485 : s700_800 11.23 sendmail(1M) 8.11.1 patch |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_35484.NASL |
description | s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26134 |
published | 2007-09-25 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/26134 |
title | HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2003-092.NASL |
description | A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CVE-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CVE-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14074 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14074 |
title | Mandrake Linux Security Advisory : sendmail (MDKSA-2003:092) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IY48658.NASL |
description | The remote host is missing AIX Critical Security Patch number IY48658 (Sendmail prescan() vulnerability). You should install this patch for your system to be up-to-date. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14619 |
published | 2004-09-01 |
reporter | This script is Copyright (C) 2004-2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14619 |
title | AIX 5.1 : IY48658 |

NASL family | AIX Local Security Checks |
NASL id | AIX_IY48657.NASL |
description | The remote host is missing AIX Critical Security Patch number IY48657 (Sendmail prescan() vulnerability). You should install this patch for your system to be up-to-date. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14606 |
published | 2004-09-01 |
reporter | This script is Copyright (C) 2004-2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14606 |
title | AIX 5.2 : IY48657 |

NASL family | SMTP problems |
NASL id | SENDMAIL_PRESCAN_OVERFLOW.NASL |
description | According to its version number, the remote Sendmail server is between 5.79 to 8.12.9. Such versions are reportedly vulnerable to remote buffer overflow attacks, one in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11838 |
published | 2003-09-17 |
reporter | This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11838 |
title | Sendmail < 8.12.10 prescan() Function Remote Overflow |
Oval
accepted | 2005-02-23T09:25:00.000-04:00 |
class | vulnerability |
contributors | Brian Soby (The MITRE Corporation) |
description | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
family | unix |
id | oval:org.mitre.oval:def:2975 |
status | accepted |
submitted | 2004-12-29T12:00:00.000-04:00 |
title | Sendmail prescan function Buffer Overflow |
version | 34 |

accepted | 2010-09-20T04:00:30.551-04:00 |
class | vulnerability |
contributors | Jay Beale (Bastille Linux); Jay Beale (Bastille Linux); Thomas R. Jones (Maitreya Security); Jonathan Baker (The MITRE Corporation) |
description | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
family | unix |
id | oval:org.mitre.oval:def:572 |
status | accepted |
submitted | 2003-08-11T12:00:00.000-04:00 |
title | Sendmail BO in Prescan Function |
version | 41 |

accepted | 2010-09-20T04:00:32.475-04:00 |
class | vulnerability |
contributors | Jay Beale (Bastille Linux); Jay Beale (Bastille Linux); Thomas R. Jones (Maitreya Security); Jonathan Baker (The MITRE Corporation) |
description | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
family | unix |
id | oval:org.mitre.oval:def:603 |
status | accepted |
submitted | 2003-09-21T12:00:00.000-04:00 |
title | Sendmail BO in prescan Function |
version | 41 |
Redhat
advisories |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
- http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
- http://marc.info/?l=bugtraq&m=106381604923204&w=2
- http://marc.info/?l=bugtraq&m=106382859407683&w=2
- http://marc.info/?l=bugtraq&m=106383437615742&w=2
- http://marc.info/?l=bugtraq&m=106398718909274&w=2
- http://www.cert.org/advisories/CA-2003-25.html
- http://www.debian.org/security/2003/dsa-384
- http://www.kb.cert.org/vuls/id/784980
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
- http://www.redhat.com/support/errata/RHSA-2003-283.html
- http://www.redhat.com/support/errata/RHSA-2003-284.html
- http://www.sendmail.org/8.12.10.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603