10 - RHSA-2003:121

Executive Summary

Summary
Title	Updated sendmail packages fix vulnerability

Informations
Name	RHSA-2003:121	First vendor Publication	2003-03-31
Vendor	RedHat	Last vendor Modification	2003-03-31
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2003-121.html

CWE : Common Weakness Enumeration

%	Id	Name

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sendmail cpe:2.3:a:sendmail:sendmail:8.9.3:::::::* cpe:2.3:a:sendmail:sendmail:8.9.2:::::::* cpe:2.3:a:sendmail:sendmail:8.9.1:::::::* cpe:2.3:a:sendmail:sendmail:8.9.0:::::::* cpe:2.3:a:sendmail:sendmail:8.12.8:::::::* cpe:2.3:a:sendmail:sendmail:8.12.7:::::::* cpe:2.3:a:sendmail:sendmail:8.12.6:::::::* cpe:2.3:a:sendmail:sendmail:8.12.5:::::::* cpe:2.3:a:sendmail:sendmail:8.12.4:::::::* cpe:2.3:a:sendmail:sendmail:8.12.3:::::::* cpe:2.3:a:sendmail:sendmail:8.12.2:::::::* cpe:2.3:a:sendmail:sendmail:8.12.1:::::::* cpe:2.3:a:sendmail:sendmail:8.12.0:::::::* cpe:2.3:a:sendmail:sendmail:8.12:beta10:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta12:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta16:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta5:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta7:::::: cpe:2.3:a:sendmail:sendmail:8.11.6:::::::* cpe:2.3:a:sendmail:sendmail:8.11.5:::::::* cpe:2.3:a:sendmail:sendmail:8.11.4:::::::* cpe:2.3:a:sendmail:sendmail:8.11.3:::::::* cpe:2.3:a:sendmail:sendmail:8.11.2:::::::* cpe:2.3:a:sendmail:sendmail:8.11.1:::::::* cpe:2.3:a:sendmail:sendmail:8.11.0:::::::* cpe:2.3:a:sendmail:sendmail:8.10.2:::::::* cpe:2.3:a:sendmail:sendmail:8.10.1:::::::* cpe:2.3:a:sendmail:sendmail:8.10:::::::* cpe:2.3:a:sendmail:sendmail:3.0.3:::::::* cpe:2.3:a:sendmail:sendmail:3.0.2:::::::* cpe:2.3:a:sendmail:sendmail:3.0.1:::::::* cpe:2.3:a:sendmail:sendmail:3.0:::::::* cpe:2.3:a:sendmail:sendmail:2.6.2:::::::* cpe:2.3:a:sendmail:sendmail:2.6.1:::::::* cpe:2.3:a:sendmail:sendmail:2.6:::::::*	35
Application	Sendmail Sendmail Switch cpe:2.3:a:sendmail:sendmail_switch:3.0.3:::::::* cpe:2.3:a:sendmail:sendmail_switch:3.0.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:3.0.1:::::::* cpe:2.3:a:sendmail:sendmail_switch:3.0:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.5:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.4:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.3:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.1:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.5:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.4:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.3:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.1:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1:::::::*	16
Os	Compaq tru64 cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:::::::* cpe:2.3:o:compaq:tru64:5.1b:::::::* cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:::::::* cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:::::::* cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:::::::* cpe:2.3:o:compaq:tru64:5.1a:::::::* cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:::::::* cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:::::::* cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:::::::* cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:::::::* cpe:2.3:o:compaq:tru64:5.1:::::::* cpe:2.3:o:compaq:tru64:5.0f:::::::* cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:::::::* cpe:2.3:o:compaq:tru64:5.0a:::::::* cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:::::::* cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:::::::* cpe:2.3:o:compaq:tru64:5.0:::::::* cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:::::::* cpe:2.3:o:compaq:tru64:4.0g:::::::* cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:::::::* cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:::::::* cpe:2.3:o:compaq:tru64:4.0f:::::::* cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:::::::* cpe:2.3:o:compaq:tru64:4.0d:::::::* cpe:2.3:o:compaq:tru64:4.0b:::::::*	25
Os	Hp Hp-Ux cpe:2.3:o:hp:hp-ux:11.22:::::::* cpe:2.3:o:hp:hp-ux:11.20:::::::* cpe:2.3:o:hp:hp-ux:11.11:::::::* cpe:2.3:o:hp:hp-ux:11.00:::::::* cpe:2.3:o:hp:hp-ux:11.0.4:::::::* cpe:2.3:o:hp:hp-ux:10.34:::::::* cpe:2.3:o:hp:hp-ux:10.30:::::::* cpe:2.3:o:hp:hp-ux:10.26:::::::* cpe:2.3:o:hp:hp-ux:10.24:::::::* cpe:2.3:o:hp:hp-ux:10.20:::::::* cpe:2.3:o:hp:hp-ux:10.16:::::::* cpe:2.3:o:hp:hp-ux:10.10:::::::* cpe:2.3:o:hp:hp-ux:10.09:::::::* cpe:2.3:o:hp:hp-ux:10.08:::::::* cpe:2.3:o:hp:hp-ux:10.01:::::::* cpe:2.3:o:hp:hp-ux:10.00:::::::*	16
Os	Hp Hp-Ux Series 700 cpe:2.3:o:hp:hp-ux_series_700:10.20:::::::*	1
Os	Hp Hp-Ux Series 800 cpe:2.3:o:hp:hp-ux_series_800:10.20:::::::*	1
Os	Hp Sis cpe:2.3:o:hp:sis::::::::	1
Os	Sun Solaris cpe:2.3:o:sun:solaris:9.0::x86::::: cpe:2.3:o:sun:solaris:9.0::sparc::::: cpe:2.3:o:sun:solaris:9.0:x86_update_2:::::: cpe:2.3:o:sun:solaris:8.0::x86::::: cpe:2.3:o:sun:solaris:7.0::x86::::: cpe:2.3:o:sun:solaris:2.5.1::ppc::::: cpe:2.3:o:sun:solaris:2.5.1::x86::::: cpe:2.3:o:sun:solaris:2.5::x86::::: cpe:2.3:o:sun:solaris:2.4::x86:::::	9
Os	Sun Sunos cpe:2.3:o:sun:sunos:5.8:::::::* cpe:2.3:o:sun:sunos:5.7:::::::* cpe:2.3:o:sun:sunos:5.6:::::::* cpe:2.3:o:sun:sunos:5.5.1:::::::* cpe:2.3:o:sun:sunos:5.5:::::::* cpe:2.3:o:sun:sunos:5.4:::::::* cpe:2.3:o:sun:sunos:-:::::::*	7

OpenVAS Exploits

Date	Description
2008-01-17	Name : Debian Security Advisory DSA 278-1 (sendmail) File : nvt/deb_278_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 278-2 (sendmail) File : nvt/deb_278_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 290-1 (sendmail-wide) File : nvt/deb_290_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
8294	Sendmail NOCHAR Control Value prescan Overflow A remote overflow exists in Sendmail. Due to a vulnerable char to int conversion it is possible to use the NOCHAR control value to bypass the length check done by the prescan function resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-01-10	Sendmail RCPT TO prescan too long addresses overflow RuleID : 2270-community - Revision : 18 - Type : SERVER-MAIL
2014-01-10	Sendmail RCPT TO prescan too long addresses overflow RuleID : 2270 - Revision : 18 - Type : SERVER-MAIL
2014-01-10	Sendmail MAIL FROM prescan too long addresses overflow RuleID : 2268-community - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail MAIL FROM prescan too long addresses overflow RuleID : 2268 - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail SOML FROM prescan too long addresses overflow RuleID : 2266-community - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail SOML FROM prescan too long addresses overflow RuleID : 2266 - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail SAML FROM prescan too long addresses overflow RuleID : 2264-community - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail SAML FROM prescan too long addresses overflow RuleID : 2264 - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail SEND FROM prescan too long addresses overflow RuleID : 2262-community - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail SEND FROM prescan too long addresses overflow RuleID : 2262 - Revision : 16 - Type : SERVER-MAIL
2014-01-10	VRFY overflow attempt RuleID : 2260-community - Revision : 17 - Type : SERVER-MAIL
2014-01-10	VRFY overflow attempt RuleID : 2260 - Revision : 17 - Type : SERVER-MAIL
2014-01-10	EXPN overflow attempt RuleID : 2259-community - Revision : 17 - Type : SERVER-MAIL
2014-01-10	EXPN overflow attempt RuleID : 2259 - Revision : 17 - Type : SERVER-MAIL
2014-01-10	Sendmail Content-Transfer-Encoding overflow attempt RuleID : 2183-community - Revision : 16 - Type : SERVER-MAIL
2014-01-10	Sendmail Content-Transfer-Encoding overflow attempt RuleID : 2183 - Revision : 16 - Type : SERVER-MAIL

Nessus® Vulnerability Scanner

Date	Description
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_35483.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_35484.nasl - Type : ACT_GATHER_INFO
2005-02-16	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_28409.nasl - Type : ACT_GATHER_INFO
2005-02-16	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_29526.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-278.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-290.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-042.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-121.nasl - Type : ACT_GATHER_INFO
2003-03-29	Name : Arbitrary code may be run on the remote server File : sendmail_conversion_overflow.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:48:07	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	111
osvdb(s)	1
Openvas Exploit(s)	3
Snort® Rule(s)	16
Nessus® Exploit(s)	9

	Related
10	RHSA-2003:284
10	CVE-2003-0161
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0439s

Facebook rss twitter linkedin mail