Rapid7 Vulnerability & Exploit Database

Sendmail Header Parsing Buffer Overflow

Back to Search

Sendmail Header Parsing Buffer Overflow

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

03/07/2003

Created

07/25/2018

Added

11/01/2004

Modified

12/04/2013

Description

In versions of Sendmail between v5.79 and 8.12.7, a remote attacker can overflow a buffer in Sendmail's e-mail header processing logic to gain root privilege. Note that the buffer being overrun is static, so a platform with a non-executable stack is still vulnerable.

Solution(s)

sendmail-upgrade-8_12_8

References

https://attackerkb.com/topics/cve-2002-1337
6991
CSSA-2003-SCO.5
CSSA-2003-SCO.6
CA-2003-07
398025
CLA-2003:571
CVE - 2002-1337
DSA-257
MDKSA-2003:028
NetBSD-SA2003-002
OVAL2222
RHSA-2003:073
RHSA-2003:074
RHSA-2003:227
20030301-01-P
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.sendmail.org/8.12.8.html
10748

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Sendmail Header Parsing Buffer Overflow