National Cyber-Alert System
Vulnerability Summary: CVE-2003-0694
Original release date: 2003-10-06
Source: US-CERT/NIST

Overview

    The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Impact

    CVSS Severity: 10 (High)
    Range: remote
    Authentication: input buffer="1"
    Impact Type: sec_prot admin="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    TurboLinux Workstation (TurboLinux)
    AIX (IBM)
    Mac OS X (Apple)
    Tru64 (Compaq)
    Gentoo Linux (Gentoo)
    Solaris (Sun)
    Sendmail Pro (Sendmail Inc)
    Sendmail (Sendmail Consortium)
    IRIX (SGI)
    HP-UX (HP)
    TurboLinux Server (TurboLinux)
    NetBSD (NetBSD)
    Sendmail Advanced Message Server (Sendmail Inc)
    Mac OS X Server (Apple)
    Sendmail (Sendmail Inc)
    TurboLinux Advanced Server (TurboLinux)
    FreeBSD (FreeBSD)
    Sendmail Switch (Sendmail Inc)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694