PT-2003-1802 · Sendmail · Sendmail

Michal Zalewski · Published 2003-09-18 · Updated 2018-10-30 · CVE-2003-0694

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Sendmail version 8.12.9
Description: The issue allows remote attackers to execute arbitrary code via buffer overflow attacks. This is demonstrated using the parseaddr function in parseaddr.c, which is part of the prescan function.
Recommendations: For Sendmail version 8.12.9, consider disabling the prescan function as a temporary workaround until a patch is available. Restrict access to the parseaddr function in parseaddr.c to minimize the risk of exploitation.

Related Identifiers

CVE-2003-0694
DSA-384

Affected Products

Sendmail