CVE-2002-1337

Sendmail <8.12.7 - RCE

Title source: llm

Description

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Exploits (3)

exploitdb WORKING POC VERIFIED

by bysin · cremoteunix

https://www.exploit-db.com/exploits/22314

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Last Stage of Delirium · cremoteunix

https://www.exploit-db.com/exploits/22313

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by sd · clocallinux

https://www.exploit-db.com/exploits/411

View Code ZIP pw:eip

References (25)

[Broken Link] http://www.redhat.com/support/errata/RHSA-2003-073.html

[Broken Link] ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P

[Broken Link] http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only

[Third Party Advisory] http://marc.info/?l=bugtraq&m=104678862109841&w=2

[Broken Link] http://www.redhat.com/support/errata/RHSA-2003-227.html

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/6991

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/398025

[Broken Link, Patch, Vendor Advisory] http://www.sendmail.org/8.12.8.html

[Broken Link] http://www.debian.org/security/2003/dsa-257

[Third Party Advisory] http://marc.info/?l=bugtraq&m=104678739608479&w=2

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222

[Broken Link] http://www.redhat.com/support/errata/RHSA-2003-074.html

[Broken Link, Patch, Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2003-07.html

[Third Party Advisory] http://marc.info/?l=bugtraq&m=104673778105192&w=2

[Broken Link] http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028

[Broken Link] http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only

[Broken Link] http://www.iss.net/security_center/static/10748.php

[Broken Link] ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6

[Broken Link] ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5

[Broken Link] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571

... and 5 more

Scores

EPSS 0.5200

EPSS Percentile 97.9%

Details

CWE

CWE-120

Status published

Products (25)

gentoo/linux 1.4 rc1 (2 CPE variants)

hp/alphaserver_sc

hp/hp-ux 10.10

hp/hp-ux 10.20

hp/hp-ux 11.00

hp/hp-ux 11.0.4

hp/hp-ux 11.11

hp/hp-ux 11.22

netbsd/netbsd 1.5

netbsd/netbsd 1.5.1

... and 15 more

Published Mar 07, 2003

Tracked Since Feb 18, 2026