CVE-2003-0161

Sendmail - Buffer Overflow in prescan Address Parser

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0161. PoCs published by bysin, sorbo.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Sendmail 8.12.8 and below via the prescan() function. It crafts a malicious RCPT TO command to trigger a segmentation fault, demonstrating the vulnerability.

Description

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Exploits (2)

exploitdb WORKING POC VERIFIED
by bysin · c · remote · linux
https://www.exploit-db.com/exploits/24

This exploit targets a buffer overflow vulnerability in Sendmail 8.12.8 and below via the prescan() function. It crafts a malicious RCPT TO command to trigger a segmentation fault, demonstrating the vulnerability.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sendmail 8.12.8 and below
No auth needed
Prerequisites: Network access to the target Sendmail server · Sendmail service running on port 25
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by sorbo · c · local · unix
https://www.exploit-db.com/exploits/22442

This exploit targets a buffer overflow vulnerability in Sendmail's prescan() function (CVE-2003-0161) to achieve remote code execution. It manipulates the saved frame pointer to redirect execution to attacker-controlled shellcode, bypassing stack protections.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Sendmail 8.11.6
No auth needed
Prerequisites: Vulnerable Sendmail version (8.11.6) · Ability to send crafted SMTP headers
devstral-2 · analyzed Feb 16, 2026

References (24)

Core References
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7230
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104914999806315&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-120.html
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/317135/30/25220/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-278
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-290
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-12.html
Various Sources vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/316961/30/25250/threaded
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-121.html
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
Various Sources vendor-advisory x_refsource_sco
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104897487512238&w=2
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/321997
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104896621106790&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/897604

Scores

EPSS 0.3819
EPSS Percentile 98.4%

Details

Status published
Products (50)
compaq/tru64 4.0b
compaq/tru64 4.0d
compaq/tru64 4.0d_pk9_bl17
compaq/tru64 4.0f
compaq/tru64 4.0f_pk6_bl17
compaq/tru64 4.0f_pk7_bl18
compaq/tru64 4.0g
compaq/tru64 4.0g_pk3_bl17
compaq/tru64 5.0
compaq/tru64 5.0_pk4_bl17
... and 40 more
Published Apr 02, 2003
Tracked Since Feb 18, 2026