CVE-2003-0694

EXPLOITED

Sendmail 8.12.9 - Buffer Overflow

Title source: llm

Description

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Exploits (1)

metasploit WORKING POC

by aushack · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/smtp/sendmail_prescan.rb

View Code ZIP pw:eip

References (18)

[Various Sources] ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742

[Mailing List] http://marc.info/?l=bugtraq&m=106381604923204&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=106382859407683&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=106383437615742&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=106398718909274&w=2

[Patch, Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2003-25.html

[US Government Resource] http://www.kb.cert.org/vuls/id/784980

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2003:092

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-283.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-284.html

[Patch] http://www.sendmail.org/8.12.10.html

[Third Party Advisory] http://www.debian.org/security/2003/dsa-384

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603

Scores

EPSS 0.7608

EPSS Percentile 98.9%

Exploitation Intel

VulnCheck KEV 2017-06-20

Classification

Status draft

Affected Products (50)

sendmail/advanced_message_server

sendmail/sendmail

... and 35 more

Timeline

Published Oct 06, 2003

Tracked Since Feb 18, 2026