Vulnerability Details : CVE-2002-1337
Potential exploit
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2002-1337
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
- cpe:2.3:h:hp:alphaserver_sc:*:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:bsdos:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:platform_sa:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
Threat overview for CVE-2002-1337
- Top open port discovered on systems with this issue: 110
- IPs affected by CVE-2002-1337: 167
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2002-1337
- EPSS score: 85.96% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2002-1337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2002-1337
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-1337
- http://www.iss.net/security_center/static/10748.php
  Tags: Broken Link
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
  Title: distro.conectiva.com.br | 502: Bad gateway
  Tags: Broken Link
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
  Tags: Broken Link
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
  Tags: Broken Link; Patch; Vendor Advisory
- http://www.cert.org/advisories/CA-2003-07.html
  Title: 2003 CERT Advisories
  Tags: Broken Link; Patch; Third Party Advisory; US Government Resource
- http://www.sendmail.org/8.12.8.html
  Title: Sendmail Open Source - Open Source Email Server | Proofpoint US
  Tags: Broken Link; Patch; Vendor Advisory
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
  Tags: Broken Link
- http://marc.info/?l=bugtraq&m=104678862409849&w=2
  Title: 'GLSA: sendmail (200303-4)' - MARC
  Tags: Third Party Advisory
- http://marc.info/?l=bugtraq&m=104678739608479&w=2
  Title: '[LSD] Technical analysis of the remote sendmail vulnerability' - MARC
  Tags: Third Party Advisory
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
  Tags: Broken Link
- ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
  Tags: Broken Link
- http://marc.info/?l=bugtraq&m=104673778105192&w=2
  Title: 'sendmail 8.12.8 available' - MARC
  Tags: Third Party Advisory
- http://marc.info/?l=bugtraq&m=104679411316818&w=2
  Title: 'HP-UX security bulletins digest [Fwd/sendmail issue]' - MARC
  Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2003-073.html
  Title: Support
  Tags: Broken Link
- ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
  Tags: Broken Link
- http://marc.info/?l=bugtraq&m=104678862109841&w=2
  Title: 'Fwd: APPLE-SA-2003-03-03 sendmail' - MARC
  Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2003-227.html
  Title: Support
  Tags: Broken Link
- http://www.debian.org/security/2003/dsa-257
  Title: Debian -- The Universal Operating System
  Tags: Broken Link
- ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
  Tags: Broken Link
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
  Title: Mandriva
  Tags: Broken Link
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
  Tags: Broken Link
- http://www.securityfocus.com/bid/6991
  Tags: Broken Link; Exploit; Patch; Third Party Advisory; VDB Entry; Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2003-074.html
  Title: Support
  Tags: Broken Link
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
  Title: 404 Not Found
  Tags: Broken Link
- http://www.kb.cert.org/vuls/id/398025
  Title: VU#398025 - Remote Buffer Overflow in Sendmail
  Tags: Third Party Advisory; US Government Resource