Vulnerability Note VU#784980
Sendmail prescan() buffer overflow vulnerability
Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Sendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in code that parses email addresses.
When processing email messages, sendmail creates tokens from address elements (user, host, domain). The code that performs this function (prescan() in parseaddr.c) contains a vulnerability that could allow a remote attacker to overwrite memory structures and execute arbitary code. The attacker could exploit this vulnerability using an email message with a specially crafted address. Such a message could be passed through MTAs that are not vulnerable.
A remote attacker could execute arbitrary code with the privileges of the Sendmail process, typically root. The attacker may also be able to cause a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer Inc.||Affected||17 Sep 2003||25 Sep 2003|
|Conectiva||Affected||17 Sep 2003||18 Sep 2003|
|Debian||Affected||17 Sep 2003||18 Sep 2003|
|FreeBSD||Affected||17 Sep 2003||25 Sep 2003|
|Gentoo Linux||Affected||-||18 Sep 2003|
|Hewlett-Packard Company||Affected||17 Sep 2003||24 Sep 2003|
|IBM||Affected||17 Sep 2003||18 Sep 2003|
|IBM eServer||Affected||17 Sep 2003||24 Sep 2003|
|MandrakeSoft||Affected||17 Sep 2003||18 Sep 2003|
|NETBsd||Affected||17 Sep 2003||17 Sep 2003|
|OpenPKG||Affected||-||24 Sep 2003|
|Red Hat Inc.||Affected||17 Sep 2003||18 Sep 2003|
|Secure Computing Corporation||Affected||-||24 Sep 2003|
|Sendmail Inc.||Affected||-||18 Sep 2003|
|SGI||Affected||17 Sep 2003||29 Sep 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by Michal Zalewski.
This document was written by Art Manion.
- CVE IDs: CAN-2003-0694
- CERT Advisory: CA-2003-25
- Date Public: 17 Sep 2003
- Date First Published: 17 Sep 2003
- Date Last Updated: 29 Sep 2003
- Severity Metric: 36.72
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.