
CVE-2002-1337

Sendmail 8.11.x (Linux/i386) - Local Privilege Escalation

  • Severity Score: 10.0 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 4 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2001-01-01 First Exploit
  • 2002-12-03 CVE Reserved
  • 2003-03-04 CVE Published
  • 2024-08-08 CVE Updated
  • 2024-09-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (30)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Sendmail | Sendmail | < 8.9.3 | - | Affected |
| Sendmail | Sendmail | >= 8.10.0 < 8.11.6 | - | Affected |
| Sendmail | Sendmail | >= 8.12.0 < 8.12.8 | - | Affected |
| Hp | Alphaserver Sc | * | - | Affected |
| Gentoo | Linux | 1.4 | rc1 | Affected |
| Gentoo | Linux | 1.4 | rc2 | Affected |
| Hp | Hp-ux | 10.10 | - | Affected |
| Hp | Hp-ux | 10.20 | - | Affected |
| Hp | Hp-ux | 11.00 | - | Affected |
| Hp | Hp-ux | 11.0.4 | - | Affected |
| Hp | Hp-ux | 11.11 | - | Affected |
| Hp | Hp-ux | 11.22 | - | Affected |
| Netbsd | Netbsd | 1.5 | - | Affected |
| Netbsd | Netbsd | 1.5.1 | - | Affected |
| Netbsd | Netbsd | 1.5.2 | - | Affected |
| Netbsd | Netbsd | 1.5.3 | - | Affected |
| Netbsd | Netbsd | 1.6 | - | Affected |
| Oracle | Solaris | 2.6 | - | Affected |
| Oracle | Solaris | 7.0 | - | Affected |
| Oracle | Solaris | 8 | - | Affected |
| Oracle | Solaris | 9 | - | Affected |
| Sun | Sunos | - | - | Affected |
| Sun | Sunos | 5.7 | - | Affected |
| Sun | Sunos | 5.8 | - | Affected |
| Windriver | Bsdos | 4.2 | - | Affected |
| Windriver | Bsdos | 4.3.1 | - | Affected |
| Windriver | Bsdos | 5.0 | - | Affected |
| Windriver | Platform Sa | 1.0 | - | Affected |