CVE-2002-1337
Sendmail 8.11.x (Linux/i386) - Local Privilege Escalation
Severity Score: 10.0 (CVSS v2)
Public Exploits: 4 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Credits: N/A
Timeline
- 2001-01-01 First Exploit
- 2002-12-03 CVE Reserved
- 2003-03-04 CVE Published
- 2024-08-08 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
References (30)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=104673778105192&w=2 | Mailing List | |
http://marc.info/?l=bugtraq&m=104678739608479&w=2 | Mailing List | |
http://marc.info/?l=bugtraq&m=104678862109841&w=2 | Mailing List | |
http://marc.info/?l=bugtraq&m=104678862409849&w=2 | Mailing List | |
http://www.iss.net/security_center/static/10748.php | Broken Link | |
http://www.kb.cert.org/vuls/id/398025 | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 | Broken Link | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/411 | 2001-01-01 | |
https://www.exploit-db.com/exploits/22313 | 2003-03-02 | |
https://www.exploit-db.com/exploits/22314 | 2003-03-02 | |
http://www.securityfocus.com/bid/6991 | 2024-08-08 | |
URL | Date | SRC |
---|---|---|
http://www.cert.org/advisories/CA-2003-07.html | 2024-02-09 | |
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 | 2024-02-09 | |
http://www.sendmail.org/8.12.8.html | 2024-02-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sendmail | Sendmail | < 8.9.3 | - | Affected |
Sendmail | Sendmail | >= 8.10.0 < 8.11.6 | - | Affected |
Sendmail | Sendmail | >= 8.12.0 < 8.12.8 | - | Affected |
Hp | Alphaserver Sc | * | - | Affected |
Gentoo | Linux | 1.4 | rc1 | Affected |
Gentoo | Linux | 1.4 | rc2 | Affected |
Hp | Hp-ux | 10.10 | - | Affected |
Hp | Hp-ux | 10.20 | - | Affected |
Hp | Hp-ux | 11.00 | - | Affected |
Hp | Hp-ux | 11.0.4 | - | Affected |
Hp | Hp-ux | 11.11 | - | Affected |
Hp | Hp-ux | 11.22 | - | Affected |
Netbsd | Netbsd | 1.5 | - | Affected |
Netbsd | Netbsd | 1.5.1 | - | Affected |
Netbsd | Netbsd | 1.5.2 | - | Affected |
Netbsd | Netbsd | 1.5.3 | - | Affected |
Netbsd | Netbsd | 1.6 | - | Affected |
Oracle | Solaris | 2.6 | - | Affected |
Oracle | Solaris | 7.0 | - | Affected |
Oracle | Solaris | 8 | - | Affected |
Oracle | Solaris | 9 | - | Affected |
Sun | Sunos | - | - | Affected |
Sun | Sunos | 5.7 | - | Affected |
Sun | Sunos | 5.8 | - | Affected |
Windriver | Bsdos | 4.2 | - | Affected |
Windriver | Bsdos | 4.3.1 | - | Affected |
Windriver | Bsdos | 5.0 | - | Affected |
Windriver | Platform Sa | 1.0 | - | Affected |