Apple Computer Inc. Information for VU#784980

Sendmail prescan() buffer overflow vulnerability



Vendor Statement

Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.

Mac OS X 10.2.8 is available as a free update for customers running Mac OS X 10.2.x. It is available from:

Mac OS X Client (updating from 10.2 - 10.2.5):

Mac OS X Client (updating from 10.2.6 - 10.2.7):

Mac OS X Server (updating from 10.2 - 10.2.5):

Mac OS X Server (updating from 10.2.6 - 10.2.7):

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



See also: APPLE-SA-2003-09-22.

If you have feedback, comments, or additional information about this vulnerability, please send us email.