CVE-2003-0694

Description

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Affected products

• Apple / mac_os_x10.2 – 10.2
• Apple / mac_os_x10.2.1 – 10.2.1
• Apple / mac_os_x10.2.2 – 10.2.2
• Apple / mac_os_x10.2.3 – 10.2.3
• Apple / mac_os_x10.2.4 – 10.2.4
• Apple / mac_os_x10.2.5 – 10.2.5
• Apple / mac_os_x10.2.6 – 10.2.6
• Apple / mac_os_x_server10.2 – 10.2
• Apple / mac_os_x_server10.2.1 – 10.2.1
• Apple / mac_os_x_server10.2.2 – 10.2.2
• Apple / mac_os_x_server10.2.3 – 10.2.3
• Apple / mac_os_x_server10.2.4 – 10.2.4
• Apple / mac_os_x_server10.2.5 – 10.2.5
• Apple / mac_os_x_server10.2.6 – 10.2.6
• compaq / tru645.1a – 5.1a
• compaq / tru645.1b_pk2_bl22 – 5.1b_pk2_bl22
• compaq / tru645.1b_pk1_bl1 – 5.1b_pk1_bl1
• compaq / tru645.1b – 5.1b
• compaq / tru645.1a_pk5_bl23 – 5.1a_pk5_bl23
• compaq / tru645.1a_pk4_bl21 – 5.1a_pk4_bl21
• compaq / tru645.1a_pk3_bl3 – 5.1a_pk3_bl3
• compaq / tru645.1a_pk2_bl2 – 5.1a_pk2_bl2
• compaq / tru645.1a_pk1_bl1 – 5.1a_pk1_bl1
• compaq / tru645.1_pk6_bl20 – 5.1_pk6_bl20
• compaq / tru645.1_pk5_bl19 – 5.1_pk5_bl19
• compaq / tru645.1_pk4_bl18 – 5.1_pk4_bl18
• compaq / tru645.1_pk3_bl17 – 5.1_pk3_bl17
• compaq / tru645.1 – 5.1
• compaq / tru644.0g_pk4_bl22 – 4.0g_pk4_bl22
• compaq / tru644.0g_pk3_bl17 – 4.0g_pk3_bl17
• compaq / tru644.0g – 4.0g
• compaq / tru644.0f_pk8_bl22 – 4.0f_pk8_bl22
• compaq / tru644.0f_pk7_bl18 – 4.0f_pk7_bl18
• compaq / tru644.0f_pk6_bl17 – 4.0f_pk6_bl17
• compaq / tru644.0f – 4.0f
• FreeBSD / FreeBSD4.5 – 4.5
• FreeBSD / FreeBSD4.4 – 4.4
• FreeBSD / FreeBSD4.3 – 4.3
• FreeBSD / FreeBSD3.0 – 3.0
• FreeBSD / FreeBSD4.0 – 4.0
• FreeBSD / FreeBSD4.3 – 4.3
• FreeBSD / FreeBSD4.8 – 4.8
• FreeBSD / FreeBSD4.7 – 4.7
• FreeBSD / FreeBSD4.7 – 4.7
• FreeBSD / FreeBSD4.6 – 4.6
• FreeBSD / FreeBSD4.6 – 4.6
• FreeBSD / FreeBSD4.5 – 4.5
• FreeBSD / FreeBSD4.4 – 4.4
• FreeBSD / FreeBSD5.1 – 5.1
• FreeBSD / FreeBSD5.1 – 5.1
• FreeBSD / FreeBSD5.0 – 5.0
• FreeBSD / FreeBSD5.0 – 5.0
• FreeBSD / FreeBSD4.9 – 4.9
• FreeBSD / FreeBSD4.8 – 4.8
• gentoo / linux0.7 – 0.7
• gentoo / linux0.5 – 0.5
• gentoo / linux1.1a – 1.1a
• gentoo / linux1.2 – 1.2
• gentoo / linux1.4 – 1.4
• gentoo / linux1.4 – 1.4
• gentoo / linux1.4 – 1.4
• HP / hp-ux11.00 – 11.00
• HP / hp-ux11.11 – 11.11
• HP / hp-ux11.22 – 11.22
• HP / hp-ux11.0.4 – 11.0.4
• ibm / aix5.1 – 5.1
• ibm / aix4.3.3 – 4.3.3
• ibm / aix5.2 – 5.2
• NetBSD / netbsd1.5.2 – 1.5.2
• NetBSD / netbsd1.4.3 – 1.4.3
• NetBSD / netbsd1.5 – 1.5
• NetBSD / netbsd1.5 – 1.5
• NetBSD / netbsd1.5 – 1.5
• NetBSD / netbsd1.5.1 – 1.5.1
• NetBSD / netbsd1.5.3 – 1.5.3
• NetBSD / netbsd1.6 – 1.6
• NetBSD / netbsd1.6 – 1.6
• NetBSD / netbsd1.6.1 – 1.6.1
• sendmail / advanced_message_server1.3 – 1.3
• sendmail / advanced_message_server1.2 – 1.2
• sendmail / sendmail8.10.2 – 8.10.2
• sendmail / sendmail8.10.1 – 8.10.1
• sendmail / sendmail8.10 – 8.10
• sendmail / sendmail8.9.3 – 8.9.3
• sendmail / sendmail8.9.2 – 8.9.2
• sendmail / sendmail8.9.1 – 8.9.1
• sendmail / sendmail8.9.0 – 8.9.0
• sendmail / sendmail8.8.8 – 8.8.8
• sendmail / sendmail3.0.3 – 3.0.3
• sendmail / sendmail3.0.2 – 3.0.2
• sendmail / sendmail3.0.1 – 3.0.1
• sendmail / sendmail3.0 – 3.0
• sendmail / sendmail2.6.2 – 2.6.2
• sendmail / sendmail2.6.1 – 2.6.1
• sendmail / sendmail2.6 – 2.6
• sendmail / sendmail8.11.2 – 8.11.2
• sendmail / sendmail8.11.0 – 8.11.0
• sendmail / sendmail8.11.3 – 8.11.3
• sendmail / sendmail8.11.1 – 8.11.1
• sendmail / sendmail8.12.9 – 8.12.9
• sendmail / sendmail8.12.8 – 8.12.8
• sendmail / sendmail8.12.7 – 8.12.7
• sendmail / sendmail8.12.6 – 8.12.6
• sendmail / sendmail8.12.5 – 8.12.5
• sendmail / sendmail8.12.4 – 8.12.4
• sendmail / sendmail8.12.3 – 8.12.3
• sendmail / sendmail8.12.2 – 8.12.2
• sendmail / sendmail8.12.1 – 8.12.1
• sendmail / sendmail8.12.0 – 8.12.0
• sendmail / sendmail8.12 – 8.12
• sendmail / sendmail8.12 – 8.12
• sendmail / sendmail8.12 – 8.12
• sendmail / sendmail8.12 – 8.12
• sendmail / sendmail8.12 – 8.12
• sendmail / sendmail8.11.6 – 8.11.6
• sendmail / sendmail8.11.5 – 8.11.5
• sendmail / sendmail8.11.4 – 8.11.4
• sendmail / sendmail_pro8.9.3 – 8.9.3
• sendmail / sendmail_pro8.9.2 – 8.9.2
• sendmail / sendmail_switch2.2.2 – 2.2.2
• sendmail / sendmail_switch3.0.3 – 3.0.3
• sendmail / sendmail_switch3.0.2 – 3.0.2
• sendmail / sendmail_switch3.0.1 – 3.0.1
• sendmail / sendmail_switch3.0 – 3.0
• sendmail / sendmail_switch2.2.5 – 2.2.5
• sendmail / sendmail_switch2.2.4 – 2.2.4
• sendmail / sendmail_switch2.2.3 – 2.2.3
• sendmail / sendmail_switch2.2.1 – 2.2.1
• sendmail / sendmail_switch2.2 – 2.2
• sendmail / sendmail_switch2.1.5 – 2.1.5
• sendmail / sendmail_switch2.1.4 – 2.1.4
• sendmail / sendmail_switch2.1.3 – 2.1.3
• sendmail / sendmail_switch2.1.2 – 2.1.2
• sendmail / sendmail_switch2.1.1 – 2.1.1
• sendmail / sendmail_switch2.1 – 2.1
• sgi / irix6.5.17f – 6.5.17f
• sgi / irix6.5.15 – 6.5.15
• sgi / irix6.5.16 – 6.5.16
• sgi / irix6.5.21m – 6.5.21m
• sgi / irix6.5.21f – 6.5.21f
• sgi / irix6.5.20m – 6.5.20m
• sgi / irix6.5.20f – 6.5.20f
• sgi / irix6.5.19m – 6.5.19m
• sgi / irix6.5.19f – 6.5.19f
• sgi / irix6.5.18m – 6.5.18m
• sgi / irix6.5.18f – 6.5.18f
• sgi / irix6.5.17m – 6.5.17m
• sun / solaris2.6 – 2.6
• sun / solaris8.0 – 8.0
• sun / solaris9.0 – 9.0
• sun / solaris9.0 – 9.0
• sun / solaris7.0 – 7.0
• sun / sunos
• sun / sunos5.7 – 5.7
• sun / sunos5.8 – 5.8
• turbolinux / turbolinux_advanced_server6.0 – 6.0
• turbolinux / turbolinux_server6.1 – 6.1
• turbolinux / turbolinux_server6.5 – 6.5
• turbolinux / turbolinux_server7.0 – 7.0
• turbolinux / turbolinux_server8.0 – 8.0
• turbolinux / turbolinux_workstation6.0 – 6.0
• turbolinux / turbolinux_workstation7.0 – 7.0
• turbolinux / turbolinux_workstation8.0 – 8.0

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=106398718909274&w=2
• MISChttp://www.sendmail.org/8.12.10.html
• MISChttp://www.redhat.com/support/errata/RHSA-2003-283.html
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html
• VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2003-25.html
• MISChttp://www.kb.cert.org/vuls/id/784980
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:092
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603
• MAILING_LISThttp://marc.info/?l=bugtraq&m=106382859407683&w=2
• VENDOR_ADVISORYhttp://www.debian.org/security/2003/dsa-384
• MISCftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
• MISChttp://www.redhat.com/support/errata/RHSA-2003-284.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=106383437615742&w=2
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572
• MAILING_LISThttp://marc.info/?l=bugtraq&m=106381604923204&w=2
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742