Sid 1-2183

Message

SERVER-MAIL Sendmail Content-Transfer-Encoding overflow attempt

Summary

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Impact

CVE-2003-0161:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2003-0161: The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
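The conversion problem described above, as an added example that is not Sendmail's code or part of the original rule documentation: a simplified model of a scanner whose length check is skipped for a sentinel value, comparing signed widening of an input byte with widening through unsigned char. The sentinel value -1, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: the sentinel is modelled as -1; the page names NOCHAR but not its value. */
#define NOCHAR (-1)

/* Constructed sample input: four printable bytes around three 0xFF bytes. */
static const char sample[] = { 'a', 'b', (char)0xFF, (char)0xFF, (char)0xFF, 'c', 'd' };

/* Weak form: widen as a signed char, so byte 0xFF becomes int -1. */
static int widen_signed(const char *p) { return (int)(signed char)*p; }

/* Hardened form: widen through unsigned char, so every byte lands in 0..255. */
static int widen_masked(const char *p) { return (int)(unsigned char)*p; }

/*
 * Hypothetical scanner loop (not parseaddr.c): the length check runs only for
 * values that are not the sentinel. Returns how many input bytes skipped the
 * check; *rejected is set when the check fires. Nothing is written anywhere.
 */
static size_t bytes_skipping_check(const char *in, size_t n, size_t limit,
                                   int (*widen)(const char *), int *rejected)
{
    size_t stored = 0, skipped = 0;
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        int c = widen(in + i);
        if (c == NOCHAR) {       /* input byte mistaken for the control value */
            skipped++;
            continue;
        }
        if (stored >= limit) {   /* length check, reached only by non-sentinel values */
            *rejected = 1;
            break;
        }
        stored++;
    }
    return skipped;
}

int main(void)
{
    int rejected;
    size_t s = bytes_skipping_check(sample, sizeof sample, 4, widen_signed, &rejected);
    printf("signed widening: %zu bytes skipped the check, rejected=%d\n", s, rejected);
    s = bytes_skipping_check(sample, sizeof sample, 4, widen_masked, &rejected);
    printf("masked widening: %zu bytes skipped the check, rejected=%d\n", s, rejected);
    return 0;
}
```

With signed widening, three input bytes collide with the sentinel and never reach the length check; with widening through unsigned char, no input byte can equal the sentinel and the limit is enforced on all of them.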

Affected systems

  • sendmail sendmail 2.6
  • sendmail sendmail 2.6.1
  • sendmail sendmail 2.6.2
  • sendmail sendmail 3.0
  • sendmail sendmail 3.0.1
  • sendmail sendmail 3.0.2
  • sendmail sendmail 3.0.3
  • sendmail sendmail 8.9.0
  • sendmail sendmail 8.9.1
  • sendmail sendmail 8.9.2
  • sendmail sendmail 8.9.3
  • sendmail sendmail 8.10
  • sendmail sendmail 8.10.1
  • sendmail sendmail 8.10.2
  • sendmail sendmail 8.11.0
  • sendmail sendmail 8.11.1
  • sendmail sendmail 8.11.2
  • sendmail sendmail 8.11.3
  • sendmail sendmail 8.11.4
  • sendmail sendmail 8.11.5
  • sendmail sendmail 8.11.6
  • sendmail sendmail 8.12
  • sendmail sendmail 8.12.0
  • sendmail sendmail 8.12.1
  • sendmail sendmail 8.12.2
  • sendmail sendmail 8.12.3
  • sendmail sendmail 8.12.4
  • sendmail sendmail 8.12.5
  • sendmail sendmail 8.12.6
  • sendmail sendmail 8.12.7
  • sendmail sendmail 8.12.8
  • sendmail sendmail_switch 2.1
  • sendmail sendmail_switch 2.1.1
  • sendmail sendmail_switch 2.1.2
  • sendmail sendmail_switch 2.1.3
  • sendmail sendmail_switch 2.1.4
  • sendmail sendmail_switch 2.1.5
  • sendmail sendmail_switch 2.2
  • sendmail sendmail_switch 2.2.1
  • sendmail sendmail_switch 2.2.2
  • sendmail sendmail_switch 2.2.3
  • sendmail sendmail_switch 2.2.4
  • sendmail sendmail_switch 2.2.5
  • sendmail sendmail_switch 3.0
  • sendmail sendmail_switch 3.0.1
  • sendmail sendmail_switch 3.0.2
  • sendmail sendmail_switch 3.0.3
  • compaq tru64 4.0b
  • compaq tru64 4.0d
  • compaq tru64 4.0dpk9bl17
  • compaq tru64 4.0f
  • compaq tru64 4.0fpk6bl17
  • compaq tru64 4.0fpk7bl18
  • compaq tru64 4.0g
  • compaq tru64 4.0gpk3bl17
  • compaq tru64 5.0
  • compaq tru64 5.0pk4bl17
  • compaq tru64 5.0pk4bl18
  • compaq tru64 5.0a
  • compaq tru64 5.0apk3bl17
  • compaq tru64 5.0f
  • compaq tru64 5.1
  • compaq tru64 5.1pk3bl17
  • compaq tru64 5.1pk4bl18
  • compaq tru64 5.1pk5bl19
  • compaq tru64 5.1pk6bl20
  • compaq tru64 5.1a
  • compaq tru64 5.1apk1bl1
  • compaq tru64 5.1apk2bl2
  • compaq tru64 5.1apk3bl3
  • compaq tru64 5.1b
  • compaq tru64 5.1bpk1bl1
  • hp hp-ux 10.00
  • hp hp-ux 10.01
  • hp hp-ux 10.08
  • hp hp-ux 10.09
  • hp hp-ux 10.10
  • hp hp-ux 10.16
  • hp hp-ux 10.20
  • hp hp-ux 10.24
  • hp hp-ux 10.26
  • hp hp-ux 10.30
  • hp hp-ux 10.34
  • hp hp-ux 11.00
  • hp hp-ux 11.0.4
  • hp hp-ux 11.11
  • hp hp-ux 11.20
  • hp hp-ux 11.22
  • hp hp-uxseries700 10.20
  • hp hp-uxseries800 10.20
  • hp sis *
  • sun solaris 2.4
  • sun solaris 2.5
  • sun solaris 2.5.1
  • sun solaris 2.6
  • sun solaris 7.0
  • sun solaris 8.0
  • sun solaris 9.0

Ease of attack

CVE-2003-0161:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • www.cert.org/advisories/CA-2003-12.html