CVE-2003-0694

Public exploit
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Max CVSS
10.0
EPSS Score
5.70%
Published
2003-10-06
Updated
2018-10-30
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.58%
Published
2017-06-19
Updated
2019-10-03
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
2.47%
Published
2017-06-19
Updated
2017-08-12
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.19%
Published
2017-06-19
Updated
2019-10-03
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
Max CVSS
9.8
EPSS Score
1.63%
Published
2017-01-19
Updated
2017-01-20
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Max CVSS
9.3
EPSS Score
1.21%
Published
2011-08-19
Updated
2017-08-29
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.
Max CVSS
9.3
EPSS Score
1.89%
Published
2008-09-11
Updated
2017-08-08
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Max CVSS
9.3
EPSS Score
2.70%
Published
2008-10-03
Updated
2017-09-29
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.
Max CVSS
9.3
EPSS Score
0.79%
Published
2008-03-13
Updated
2008-12-10
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
Max CVSS
9.0
EPSS Score
2.29%
Published
2006-12-20
Updated
2018-10-17
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.
Max CVSS
10.0
EPSS Score
6.64%
Published
2006-08-24
Updated
2017-07-20
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Max CVSS
10.0
EPSS Score
79.54%
Published
2003-08-27
Updated
2024-02-08
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Max CVSS
10.0
EPSS Score
90.25%
Published
2003-03-07
Updated
2024-02-09
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Max CVSS
10.0
EPSS Score
0.92%
Published
2001-08-14
Updated
2022-01-21
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
Max CVSS
10.0
EPSS Score
1.90%
Published
2001-06-18
Updated
2020-01-21
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
2.65%
Published
2001-02-12
Updated
2017-10-10
FreeBSD mmap function allows users to modify append-only or immutable files.
Max CVSS
10.0
EPSS Score
1.06%
Published
1998-02-20
Updated
2008-09-09
Buffer overflow of rlogin program using TERM environmental variable.
Max CVSS
10.0
EPSS Score
0.94%
Published
1997-02-06
Updated
2024-02-09
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
Max CVSS
10.0
EPSS Score
1.15%
Published
1998-04-08
Updated
2018-10-30
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
Max CVSS
10.0
EPSS Score
9.01%
Published
1998-04-08
Updated
2018-10-30
20 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!