CVE-2002-1337

Sendmail 5.79-8.12.7 - Remote Code Execution via Formatted Address Fields in Header Comments

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2002-1337. PoCs published by bysin, Last Stage of Delirium, sd.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Sendmail's SMTP header parsing component (crackaddr function). It includes shellcode to spawn a reverse shell and is designed for Sendmail versions 5.2 to 8.12.7.

Description

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Exploits (3)

exploitdb WORKING POC VERIFIED
by bysin · cremoteunix
https://www.exploit-db.com/exploits/22314

This exploit targets a buffer overflow vulnerability in Sendmail's SMTP header parsing component (crackaddr function). It includes shellcode to spawn a reverse shell and is designed for Sendmail versions 5.2 to 8.12.7.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sendmail < 8.12.8
No auth needed
Prerequisites: Network access to the SMTP port (typically 25) · Sendmail version < 8.12.8
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Last Stage of Delirium · cremoteunix
https://www.exploit-db.com/exploits/22313

This exploit targets a buffer overflow vulnerability in Sendmail's SMTP header parsing component, allowing remote code execution. It includes shellcode to spawn a reverse shell and uses brute-forcing techniques to bypass memory address randomization.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: Sendmail 5.2 to 8.12.7
No auth needed
Prerequisites: Network access to the target Sendmail server · Sendmail version between 5.2 and 8.12.7
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by sd · clocallinux
https://www.exploit-db.com/exploits/411

This exploit targets a local privilege escalation vulnerability in sendmail 8.11.x by manipulating the GOT entry for setuid() to execute arbitrary shellcode. It uses objdump, gdb, and grep to dynamically locate the target address and constructs a malicious environment variable to trigger the exploit.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: sendmail 8.11.x (and possibly 8.12.x)
No auth needed
Prerequisites: sendmail binary must be setuid root · objdump, gdb, and grep must be available on the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (25)

Core 25
Core References
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-073.html
Broken Link vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Broken Link vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104678862109841&w=2
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-227.html
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6991
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/398025
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.sendmail.org/8.12.8.html
Broken Link vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-257
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104678739608479&w=2
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-074.html
Broken Link, Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-07.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104673778105192&w=2
Broken Link vendor-advisory x_refsource_mandrake
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
Broken Link vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10748.php
Broken Link vendor-advisory x_refsource_caldera
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Broken Link vendor-advisory x_refsource_caldera
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Broken Link vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=104679411316818&w=2
Broken Link, Patch, Vendor Advisory third-party-advisory x_refsource_iss
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Broken Link vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104678862409849&w=2

Scores

EPSS 0.7220
EPSS Percentile 99.4%

Details

CWE
CWE-120
Status published
Products (25)
gentoo/linux 1.4 rc1 (2 CPE variants)
hp/alphaserver_sc
hp/hp-ux 10.10
hp/hp-ux 10.20
hp/hp-ux 11.00
hp/hp-ux 11.0.4
hp/hp-ux 11.11
hp/hp-ux 11.22
netbsd/netbsd 1.5
netbsd/netbsd 1.5.1
... and 15 more
Published Mar 07, 2003
Tracked Since Feb 18, 2026