7.5 - CVE-2003-0681

Executive Summary

Informations
Name	CVE-2003-0681	First vendor Publication	2003-10-06
Vendor	Cve	Last vendor Modification	2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0681

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:3606

Oval ID:	oval:org.mitre.oval:def:3606
Title:	Sendmail Ruleset Parsing Buffer Overflow
Description:	A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0681	Version:	1
Platform(s):	Sun Solaris 7 Sun Solaris 8 Sun Solaris 9	Product(s):	Sendmail
Definition Synopsis:
Software section Sendmail - root (SUNWsndmr) installed AND Solaris 7,8,or 9 installed Solaris 8 Installed AND Solaris 7 Installed AND Solaris 9 Installed AND NOT Patch 107684-11 or later installed AND NOT Patch 110615-11 or later installed AND NOT Patch 113575-05 or later installed AND Configuration section Sendmail running AND Sendmail has recipient or final rulesets

Definition Id: oval:org.mitre.oval:def:595

Oval ID:	oval:org.mitre.oval:def:595
Title:	Potential BO in Ruleset Parsing for Sendmail
Description:	A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0681	Version:	4
Platform(s):	Red Hat Linux 9	Product(s):	Sendmail
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND sendmail version is less than 8.12.8-9.90 AND Configuration section Vulnerable Config sendmail is Set-UID sendmail is Set-UID AND sendmail is Set-UID sendmail is Set-UID AND sendmail is Set-UID OR sendmail is Set-GID sendmail is Set-GID AND sendmail is Set-UID AND sendmail listening

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sendmail Advanced Message Server cpe:2.3:a:sendmail:advanced_message_server:1.3:::::::* cpe:2.3:a:sendmail:advanced_message_server:1.2:::::::*	2
Application	Sendmail cpe:2.3:a:sendmail:sendmail:8.9.3:::::::* cpe:2.3:a:sendmail:sendmail:8.9.2:::::::* cpe:2.3:a:sendmail:sendmail:8.9.1:::::::* cpe:2.3:a:sendmail:sendmail:8.9.0:::::::* cpe:2.3:a:sendmail:sendmail:8.8.8:::::::* cpe:2.3:a:sendmail:sendmail:8.12.9:::::::* cpe:2.3:a:sendmail:sendmail:8.12.8:::::::* cpe:2.3:a:sendmail:sendmail:8.12.7:::::::* cpe:2.3:a:sendmail:sendmail:8.12.6:::::::* cpe:2.3:a:sendmail:sendmail:8.12.5:::::::* cpe:2.3:a:sendmail:sendmail:8.12.4:::::::* cpe:2.3:a:sendmail:sendmail:8.12.3:::::::* cpe:2.3:a:sendmail:sendmail:8.12.2:::::::* cpe:2.3:a:sendmail:sendmail:8.12.1:::::::* cpe:2.3:a:sendmail:sendmail:8.12.0:::::::* cpe:2.3:a:sendmail:sendmail:8.12:beta10:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta12:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta16:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta5:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta7:::::: cpe:2.3:a:sendmail:sendmail:8.11.6:::::::* cpe:2.3:a:sendmail:sendmail:8.11.5:::::::* cpe:2.3:a:sendmail:sendmail:8.11.4:::::::* cpe:2.3:a:sendmail:sendmail:8.11.3:::::::* cpe:2.3:a:sendmail:sendmail:8.11.2:::::::* cpe:2.3:a:sendmail:sendmail:8.11.1:::::::* cpe:2.3:a:sendmail:sendmail:8.11.0:::::::* cpe:2.3:a:sendmail:sendmail:8.10.2:::::::* cpe:2.3:a:sendmail:sendmail:8.10.1:::::::* cpe:2.3:a:sendmail:sendmail:8.10:::::::* cpe:2.3:a:sendmail:sendmail:3.0.3:::::::* cpe:2.3:a:sendmail:sendmail:3.0.2:::::::* cpe:2.3:a:sendmail:sendmail:3.0.1:::::::* cpe:2.3:a:sendmail:sendmail:3.0:::::::* cpe:2.3:a:sendmail:sendmail:2.6.2:::::::* cpe:2.3:a:sendmail:sendmail:2.6.1:::::::* cpe:2.3:a:sendmail:sendmail:2.6:::::::*	37
Application	Sendmail Sendmail Pro cpe:2.3:a:sendmail:sendmail_pro:8.9.3:::::::* cpe:2.3:a:sendmail:sendmail_pro:8.9.2:::::::*	2
Application	Sendmail Sendmail Switch cpe:2.3:a:sendmail:sendmail_switch:3.0.3:::::::* cpe:2.3:a:sendmail:sendmail_switch:3.0.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:3.0.1:::::::* cpe:2.3:a:sendmail:sendmail_switch:3.0:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.5:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.4:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.3:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2.1:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.5:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.4:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.3:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.2:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1.1:::::::* cpe:2.3:a:sendmail:sendmail_switch:2.1:::::::*	16
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::*	7
Os	Apple Mac Os X Server cpe:2.3:o:apple:mac_os_x_server:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2:::::::*	7
Os	Gentoo Linux cpe:2.3:o:gentoo:linux:1.4:rc2:::::: cpe:2.3:o:gentoo:linux:1.4:rc1:::::: cpe:2.3:o:gentoo:linux:1.4:rc3:::::: cpe:2.3:o:gentoo:linux:1.2:::::::* cpe:2.3:o:gentoo:linux:1.1a:::::::* cpe:2.3:o:gentoo:linux:0.7:::::::* cpe:2.3:o:gentoo:linux:0.5:::::::*	7
Os	Hp Hp-Ux cpe:2.3:o:hp:hp-ux:11.22:::::::* cpe:2.3:o:hp:hp-ux:11.11:::::::* cpe:2.3:o:hp:hp-ux:11.00:::::::* cpe:2.3:o:hp:hp-ux:11.0.4:::::::*	4
Os	Ibm Aix cpe:2.3:o:ibm:aix:5.2:::::::* cpe:2.3:o:ibm:aix:5.1:::::::* cpe:2.3:o:ibm:aix:4.3.3:::::::*	3
Os	Netbsd cpe:2.3:o:netbsd:netbsd:1.6.1:::::::* cpe:2.3:o:netbsd:netbsd:1.6:::::::* cpe:2.3:o:netbsd:netbsd:1.6:beta:::::: cpe:2.3:o:netbsd:netbsd:1.5.3:::::::* cpe:2.3:o:netbsd:netbsd:1.5.2:::::::* cpe:2.3:o:netbsd:netbsd:1.5.1:::::::* cpe:2.3:o:netbsd:netbsd:1.5:::::::* cpe:2.3:o:netbsd:netbsd:1.5::x86::::: cpe:2.3:o:netbsd:netbsd:1.5::sh3::::: cpe:2.3:o:netbsd:netbsd:1.4.3:::::::*	10
Os	Openbsd cpe:2.3:o:openbsd:openbsd:3.3:::::::* cpe:2.3:o:openbsd:openbsd:3.2:::::::*	2
Os	Turbolinux Turbolinux Advanced Server cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:::::::*	1
Os	Turbolinux Turbolinux Server cpe:2.3:o:turbolinux:turbolinux_server:8.0:::::::* cpe:2.3:o:turbolinux:turbolinux_server:7.0:::::::* cpe:2.3:o:turbolinux:turbolinux_server:6.5:::::::* cpe:2.3:o:turbolinux:turbolinux_server:6.1:::::::*	4
Os	Turbolinux Turbolinux Workstation cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:::::::* cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:::::::* cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:::::::*	3

OpenVAS Exploits

Date	Description
2009-05-05	Name : HP-UX Update for sendmail HPSBUX00281 File : nvt/gb_hp_ux_HPSBUX00281.nasl
2008-01-17	Name : Debian Security Advisory DSA 384-1 (sendmail) File : nvt/deb_384_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
2577	Sendmail prescan() Function Remote Overflow A remote overflow exists in Sendmail. The "prescan()" function fails to perform proper bounds checking resulting in a buffer overflow. By using an email message with a specially crafted address, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date	Description
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_35483.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_35484.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_35485.nasl - Type : ACT_GATHER_INFO
2005-02-16	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_29912.nasl - Type : ACT_GATHER_INFO
2005-02-16	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_30224.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-384.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-092.nasl - Type : ACT_GATHER_INFO
2003-09-17	Name : The remote mail server is prone to multiple buffer overflow attacks. File : sendmail_prescan_overflow.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
http://marc.info/?l=bugtraq&m=106383437615742&w=2
http://marc.info/?l=bugtraq&m=106398718909274&w=2
http://www.debian.org/security/2003/dsa-384
http://www.kb.cert.org/vuls/id/108964
http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
http://www.redhat.com/support/errata/RHSA-2003-283.html
http://www.securityfocus.com/bid/8649
http://www.sendmail.org/8.12.10.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:23:22	Multiple Updates
2024-11-28 12:05:41	Multiple Updates
2021-05-04 12:02:07	Multiple Updates
2021-04-22 01:02:14	Multiple Updates
2020-05-23 00:15:28	Multiple Updates
2018-05-03 09:19:25	Multiple Updates
2017-07-11 12:01:17	Multiple Updates
2016-10-18 12:01:12	Multiple Updates
2016-04-26 12:36:18	Multiple Updates
2014-02-17 10:26:28	Multiple Updates
2013-05-11 11:52:30	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	2
CPE ID(s)	105
Sources(s)	12
osvdb(s)	1
Openvas Exploit(s)	2
Nessus® Exploit(s)	8

	Related
10	DSA-384
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - CVE-2003-0681

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU