CVE-2003-0694

CVSS 10.0 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, sendmail, sgi, apple, compaq, freebsd, gentoo, hp, ibm, netbsd, sun, turbolinux, critical, nessus, metasploit

Summary

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Vulnerable Configurations

Part         Description  Count
Application  Sendmail     57
OS           Sgi          12
OS           Apple        14
OS           Compaq       21
OS           Freebsd      19
OS           Gentoo       7
OS           Hp           4
OS           Ibm          3
OS           Netbsd       10
OS           Sun          8
OS           Turbolinux   8

Metasploit

description: This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution.
id: MSF:AUXILIARY/DOS/SMTP/SENDMAIL_PRESCAN
last seen: 2020-05-22
modified: 2017-11-08
published: 2009-09-12
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/smtp/sendmail_prescan.rb
title: Sendmail SMTP Address prescan Memory Corruption

Nessus

  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_35483.NASL
    description: s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
      - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
      - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)
      - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
      - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
      - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26133
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26133
    title: HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_35483. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26133);
      script_version("1.22");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
      script_bugtraq_id(6991);
      script_xref(name:"CERT-CC", value:"2003-07");
      script_xref(name:"CERT-CC", value:"2003-12");
      script_xref(name:"CERT-CC", value:"2003-25");
      script_xref(name:"CERT", value:"834865");
      script_xref(name:"HP", value:"emr_na-c00629555");
      script_xref(name:"HP", value:"emr_na-c00841370");
      script_xref(name:"HP", value:"emr_na-c00958338");
      script_xref(name:"HP", value:"emr_na-c00958571");
      script_xref(name:"HP", value:"emr_na-c01035741");
      script_xref(name:"HP", value:"HPSBUX00246");
      script_xref(name:"HP", value:"HPSBUX00253");
      script_xref(name:"HP", value:"HPSBUX00281");
      script_xref(name:"HP", value:"HPSBUX02108");
      script_xref(name:"HP", value:"HPSBUX02183");
      script_xref(name:"HP", value:"SSRT061133");
      script_xref(name:"HP", value:"SSRT061243");
      script_xref(name:"HP", value:"SSRT3469");
      script_xref(name:"HP", value:"SSRT3531");
      script_xref(name:"HP", value:"SSRT3631");
    
      script_name(english:"HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.00 sendmail(1M) 8.9.3 patch : 
    
    The remote HP-UX host is affected by multiple vulnerabilities :
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability may
        be exploited remotely to gain unauthorized access and
        create a Denial of Service (DoS). References: CERT
        CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    
      - A vulnerability has been identified in sendmail which
        may allow a remote attacker to execute arbitrary code.
        References: CVE-2006-0058, US-CERT VU#834865.
        (HPSBUX02108 SSRT061133)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail, where the vulnerability
        could be exploited remotely to gain unauthorized
        privileged access. References: CERT/CC CA-2003-25,
        CAN-2003-0681. (HPSBUX00281 SSRT3631)
    
      - A potential security vulnerability has been identified
        with HP-UX sendmail, where the vulnerability may be
        exploited remotely to gain unauthorized access or create
        a denial of service (DoS). References: CERT CA-2003-12.
        (HPSBUX00253 SSRT3531)
    
      - A potential security vulnerability has been identified
        with HP-UX running sendmail. This vulnerability could
        allow a remote user to cause a Denial of Service (DoS).
        (HPSBUX02183 SSRT061243)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e44f628"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b715e4f4"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8ac166f8"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f41ededc"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6b002323"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_35483 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHNE_35483 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_35483");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2003-284.NASL
    description: Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent (MTA) and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan() function of Sendmail versions prior to and including 8.12.9. The successful exploitation of this bug can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0694 to this issue. All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities. Red Hat would like to thank Michal Zalewski for finding and reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12422
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12422
    title: RHEL 2.1 : sendmail (RHSA-2003:284)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2003:284. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12422);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2003-0694");
      script_xref(name:"RHSA", value:"2003:284");
    
      script_name(english:"RHEL 2.1 : sendmail (RHSA-2003:284)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Sendmail packages that fix a potentially-exploitable
    vulnerability are now available.
    
    Sendmail is a widely used Mail Transport Agent (MTA) and is included
    in all Red Hat Enterprise Linux distributions.
    
    There is a bug in the prescan() function of Sendmail versions prior to
    and including 8.12.9. The successful exploitation of this bug can lead
    to heap and stack structure overflows. Although no exploit currently
    exists, this issue is locally exploitable and may also be remotely
    exploitable. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2003-0694 to this issue.
    
    All users are advised to update to these erratum packages containing a
    backported patch which corrects these vulnerabilities.
    
    Red Hat would like to thank Michal Zalewski for finding and reporting
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0694"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:284"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-cf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2003:284";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-8.11.6-28.72")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-cf-8.11.6-28.72")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-devel-8.11.6-28.72")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-doc-8.11.6-28.72")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sendmail / sendmail-cf / sendmail-devel / sendmail-doc");
      }
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2003_040.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2003:040 (sendmail, sendmail-tls). sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SUSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SUSE products up to and including SUSE LINUX 8.0 and the SUSE LINUX Enterprise Server 7. The vulnerability discovered is known as the prescan()-bug and is not related to the vulnerability found and fixed in April 2003. The error in the code can cause heap or stack memory to be overwritten, triggered by (but not limited to) functions that parse header addresses. There is no known workaround for this vulnerability other than using a different MTA. The vulnerability is triggered by an email message sent through the sendmail MTA subsystem. In that respect, it is different from commonly known bugs that occur in the context of an open TCP connection. By consequence, the vulnerability also exists if email messages get forwarded over a relay that itself does not run a vulnerable MTA. This specific detail and the wide distribution of sendmail in the internet causes this vulnerability to be considered a flaw of major severity. We recommend to install the update packages that are provided for download at the locations listed below. We thank Michal Zalewski who discovered this vulnerability and the friendly people from Sendmail Inc (Claus Assmann) who have communicated problem to SUSE Security. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13808
    published: 2004-07-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13808
    title: SUSE-SA:2003:040: sendmail, sendmail-tls
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:040
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(13808);
     script_bugtraq_id(8641);
     script_version ("1.21");
     script_cve_id("CVE-2003-0694");
     
     name["english"] = "SUSE-SA:2003:040: sendmail, sendmail-tls";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2003:040 (sendmail, sendmail-tls).
    
    
    sendmail is the most widely used mail transport agent (MTA) in the
    internet. A remotely exploitable buffer overflow has been found in all
    versions of sendmail that come with SUSE products. These versions include
    sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem
    that is installed by default on all SUSE products up to and including
    SUSE LINUX 8.0 and the SUSE LINUX Enterprise Server 7.
    
    The vulnerability discovered is known as the prescan()-bug and is not
    related to the vulnerability found and fixed in April 2003. The error
    in the code can cause heap or stack memory to be overwritten, triggered
    by (but not limited to) functions that parse header addresses. 
    
    There is no known workaround for this vulnerability other than using a
    different MTA. The vulnerability is triggered by an email message sent
    through the sendmail MTA subsystem. In that respect, it is different
    from commonly known bugs that occur in the context of an open TCP
    connection. By consequence, the vulnerability also exists if email
    messages get forwarded over a relay that itself does not run a vulnerable
    MTA. This specific detail and the wide distribution of sendmail in the
    internet causes this vulnerability to be considered a flaw of major
    severity. We recommend to install the update packages that are provided
    for download at the locations listed below.
    
    We thank Michal Zalewski who discovered this vulnerability and the 
    friendly people from Sendmail Inc (Claus Assmann) who have communicated
    problem to SUSE Security.
    
    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command 'rpm -Fhv file.rpm' to apply
    the update." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2003_040_sendmail.html" );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
     script_cvs_date("Date: 2019/10/25 13:36:27");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the sendmail, sendmail-tls package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"sendmail-8.11.3-112", release:"SUSE7.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-tls-8.11.3-116", release:"SUSE7.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.11.6-167", release:"SUSE7.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-tls-8.11.6-169", release:"SUSE7.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.12.3-78", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-devel-8.12.3-78", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.12.6-159", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-devel-8.12.6-159", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-8.12.7-77", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"sendmail-devel-8.12.7-77", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"sendmail-", release:"SUSE7.2")
     || rpm_exists(rpm:"sendmail-", release:"SUSE7.3")
     || rpm_exists(rpm:"sendmail-", release:"SUSE8.0")
     || rpm_exists(rpm:"sendmail-", release:"SUSE8.1")
     || rpm_exists(rpm:"sendmail-", release:"SUSE8.2") )
    {
     set_kb_item(name:"CVE-2003-0694", value:TRUE);
    }
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_29912.NASL
    description: s700_800 11.22 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16855
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16855
    title: HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_29912. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16855);
      script_version("$Revision: 1.16 $");
      script_cvs_date("$Date: 2015/01/14 15:43:28 $");
    
      script_cve_id("CVE-2003-0681", "CVE-2003-0694");
      script_xref(name:"CERT-CC", value:"2003-25");
      script_xref(name:"HP", value:"emr_na-c01035741");
      script_xref(name:"HP", value:"HPSBUX00281");
      script_xref(name:"HP", value:"SSRT3631");
    
      script_name(english:"HP-UX PHNE_29912 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.22 sendmail(1m) 8.11.1 patch : 
    
    A potential security vulnerability has been identified with HP-UX
    running sendmail, where the vulnerability could be exploited remotely
    to gain unauthorized privileged access. References: CERT/CC
    CA-2003-25, CAN-2003-0681."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8ac166f8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_29912 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/12/16");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.22"))
    {
      exit(0, "The host is not affected since PHNE_29912 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_29912");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.22")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.22")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_30224.NASL
    description: s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16704
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16704
    title: HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-384.NASL
    description: Two vulnerabilities were reported in sendmail. - CAN-2003-0681 : A
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15221
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15221
    title: Debian DSA-384-1 : sendmail - buffer overflows
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_35485.NASL
    description: s700_800 11.23 sendmail(1M) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities :
      - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
      - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)
      - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26135
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26135
    title: HP-UX PHNE_35485 : s700_800 11.23 sendmail(1M) 8.11.1 patch
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_35484.NASL
    description: s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
      - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
      - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)
      - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
      - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
      - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26134
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26134
    title: HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-092.NASL
    descriptionA buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CVE-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CVE-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems.
    last seen2020-06-01
    modified2020-06-02
    plugin id14074
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14074
    titleMandrake Linux Security Advisory : sendmail (MDKSA-2003:092)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IY48658.NASL
    descriptionThe remote host is missing AIX Critical Security Patch number IY48658 (Sendmail prescan() vulnerability). You should install this patch for your system to be up-to-date.
    last seen2020-06-01
    modified2020-06-02
    plugin id14619
    published2004-09-01
    reporterThis script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14619
    titleAIX 5.1 : IY48658
  • NASL familyAIX Local Security Checks
    NASL idAIX_IY48657.NASL
    descriptionThe remote host is missing AIX Critical Security Patch number IY48657 (Sendmail prescan() vulnerability). You should install this patch for your system to be up-to-date.
    last seen2020-06-01
    modified2020-06-02
    plugin id14606
    published2004-09-01
    reporterThis script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14606
    titleAIX 5.2 : IY48657
  • NASL familySMTP problems
    NASL idSENDMAIL_PRESCAN_OVERFLOW.NASL
    descriptionAccording to its version number, the remote Sendmail server is between 5.79 and 8.12.9. Such versions are reportedly vulnerable to remote buffer overflow attacks, one in the
    last seen2020-06-01
    modified2020-06-02
    plugin id11838
    published2003-09-17
    reporterThis script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/11838
    titleSendmail < 8.12.10 prescan() Function Remote Overflow

Oval

  • accepted2005-02-23T09:25:00.000-04:00
    classvulnerability
    contributors
    nameBrian Soby
    organizationThe MITRE Corporation
    descriptionThe prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
    familyunix
    idoval:org.mitre.oval:def:2975
    statusaccepted
    submitted2004-12-29T12:00:00.000-04:00
    titleSendmail prescan function Buffer Overflow
    version34
  • accepted2010-09-20T04:00:30.551-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameThomas R. Jones
      organizationMaitreya Security
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionThe prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
    familyunix
    idoval:org.mitre.oval:def:572
    statusaccepted
    submitted2003-08-11T12:00:00.000-04:00
    titleSendmail BO in Prescan Function
    version41
  • accepted2010-09-20T04:00:32.475-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameThomas R. Jones
      organizationMaitreya Security
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionThe prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
    familyunix
    idoval:org.mitre.oval:def:603
    statusaccepted
    submitted2003-09-21T12:00:00.000-04:00
    titleSendmail BO in prescan Function
    version41

Redhat

advisories
  • rhsa
    idRHSA-2003:283
  • rhsa
    idRHSA-2003:284