VDB
CVE-2003-0694
CVE-2003-0694
PUBLISHED
CVSS 10 CRITICAL
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
EPSS 76.08% · 98.9th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
76.08%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| hp | hp-ux | 11.0.4, 11.22, 11.00 |
| turbolinux | turbolinux_advanced_server | 6.0 |
| freebsd | freebsd | 5.1, 5.0, 4.0 |
| sgi | irix | 6.5.19m, 6.5.20f, 6.5.20m |
| gentoo | linux | 1.4, 1.4, 1.4 |
| compaq | tru64 | *, *, * |
| sendmail | sendmail_switch | 2.1.4, 3.0.3, 3.0.2 |
| sun | sunos | 5.8, 5.7 |
| apple | mac_os_x_server | 10.2, 10.2.1, 10.2.2 |
| ibm | aix | 5.1, 4.3.3, 5.2 |
| sendmail | sendmail_pro | 8.9.3, 8.9.2 |
| turbolinux | turbolinux_server | 6.1, 7.0, 8.0 |
| netbsd | netbsd | 1.5.1, 1.5.2, 1.5 |
| turbolinux | turbolinux_workstation | 6.0, 8.0, 7.0 |
| sun | solaris | 8.0, 9.0, 9.0 |
| sendmail | advanced_message_server | 1.3, 1.2 |
| n/a | n/a | * |
| apple | mac_os_x | 10.2, 10.2.1, 10.2.2 |
| sendmail | sendmail | 8.11.0, 8.11.1, 8.11.2 |
Timeline
- Sep 17, 2003 CVE Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 26, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt technical
- 20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail) mailing-list
- http://www.sendmail.org/8.12.10.html url
- RHSA-2003:283 vendor-advisory
- 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] mailing-list
- CA-2003-25 third-party-advisory
- VU#784980 third-party-advisory
- MDKSA-2003:092 vendor-advisory
- oval:org.mitre.oval:def:603 vdb
- 20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02) mailing-list
- DSA-384 vendor-advisory
- RHSA-2003:284 vendor-advisory
- 20030917 GLSA: sendmail (200309-13) mailing-list
- 20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug mailing-list
- oval:org.mitre.oval:def:572 vdb
- 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] mailing-list
- oval:org.mitre.oval:def:2975 vdb
- CLA-2003:742 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2003-0694 advisory