VDB
CVE-2003-0161
CVE-2003-0161
PUBLISHED
CVSS 10 CRITICAL
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
EPSS 60.09% · 98.3th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
60.09%
98.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| hp | hp-ux | 11.11, 11.0.4, 10.34 |
| n/a | n/a | n/a |
| hp | hp-ux_series_800 | 10.20 |
| sendmail | sendmail_switch | 3.0.1, 2.1, 2.1.1 |
| hp | hp-ux_series_700 | 10.20 |
| sendmail | sendmail | 8.12, 2.6, 2.6.1 |
| hp | sis | |
| sun | solaris | 2.6, 7.0, 2.5.1 |
| compaq | tru64 | 5.1a, 5.1a_pk1_bl1, 5.1a_pk2_bl2 |
| sun | sunos | 5.7, 5.8, 5.5.1 |
Timeline
- Mar 29, 2003 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 10, 2023 EPSS Score
References
- 1001088 vendor-advisory
- 52620 vendor-advisory
- 20030401-01-P vendor-advisory
- 7230 vdb
- 20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail) mailing-list
- RHSA-2003:120 vendor-advisory
- 20030401 Immunix Secured OS 7+ openssl update mailing-list
- DSA-278 vendor-advisory
- DSA-290 vendor-advisory
- http://lists.apple.com/mhonarc/security-announce/msg00028.html url
- 52700 vendor-advisory
- CA-2003-12 third-party-advisory
- CSSA-2003-016.0 vendor-advisory
- 20030331 GLSA: sendmail (200303-27) mailing-list
- RHSA-2003:121 vendor-advisory
- CLA-2003:614 vendor-advisory
- SCOSA-2004.11 vendor-advisory
- GLSA-200303-27 vendor-advisory
- 20030329 Sendmail: -1 gone wild mailing-list
- 20030329 Sendmail: -1 gone wild mailing-list
…and 5 more