CVE-2003-0161

Published: Apr 1, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Vendor: n/a
Product: n/a
Versions: affected n/a

References

1001088 (vendor-advisory, x_refsource_SUNALERT)
52620 (vendor-advisory, x_refsource_SUNALERT)
7230 (vdb-entry, x_refsource_BID)
RHSA-2003:120 (vendor-advisory, x_refsource_REDHAT)
20030401 Immunix Secured OS 7+ openssl update (mailing-list, x_refsource_BUGTRAQ)
DSA-278 (vendor-advisory, x_refsource_DEBIAN)
DSA-290 (vendor-advisory, x_refsource_DEBIAN)
IMNX-2003-7+-002-01 (vendor-advisory, x_refsource_IMMUNIX)
52700 (vendor-advisory, x_refsource_SUNALERT)
CA-2003-12 (third-party-advisory, x_refsource_CERT)
20030331 GLSA: sendmail (200303-27) (mailing-list, x_refsource_BUGTRAQ)
RHSA-2003:121 (vendor-advisory, x_refsource_REDHAT)
CLA-2003:614 (vendor-advisory, x_refsource_CONECTIVA)
GLSA-200303-27 (vendor-advisory, x_refsource_GENTOO)
20030329 Sendmail: -1 gone wild (mailing-list, x_refsource_FULLDISC)
20030329 Sendmail: -1 gone wild (mailing-list, x_refsource_BUGTRAQ)
20030329 sendmail 8.12.9 available (mailing-list, x_refsource_BUGTRAQ)
VU#897604 (third-party-advisory, x_refsource_CERT-VN)
