CVE-2001-0653
Published 2001-09-20
Priority: P4 16 · medium · 4.6 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.18% (63.7th percentile)
Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 4.6 MEDIUM
Red Hat
security flaw
vendor_redhat·2001-08-21·CVSS 4.6
GHSA
GHSA-pw59-xvgj-36g7: Sendmail 8
ghsa_unreviewed·2022-05-03
No detection rules found.
Exploit-DB
Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (3)
exploitdb·2001-08-17
---
source: https://www.securityfocus.com/bid/3163/info
An input validation error exists in Sendmail's debugging functionality.
The problem is the result of the use of signed integers in the program's tTflag() function, which is responsible for processing arguments supplied from the command line with the '-d' switch and writing the values to its internal "trace vector." The vulnerability exists because it is possible to cause a signed integer overflow by supplying a large numeric value for the 'category' part of the debugger arguments. The numeric value is used as an index for the trace vector, and can therefore be used to write within a certain range of process memory if a negative value is given.
Because the '-d' command-lin
Exploit-DB
Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (2)
exploitdb·2001-08-17
---
// source: https://www.securityfocus.com/bid/3163/info
Exploit-DB
Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (4)
exploitdb·2001-08-17
---
source: https://www.securityfocus.com/bid/3163/info
Exploit-DB
Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (1)
exploitdb·2001-08-17
---
// source: https://www.securityfocus.com/bid/3163/info
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01
http://marc.info/?l=bugtraq&m=99841063100516&w=2
http://rhn.redhat.com/errata/RHSA-2001-106.html
http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt
http://www.ciac.org/ciac/bulletins/l-133.shtml
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3
http://www.novell.com/linux/security/advisories/2001_028_sendmail_txt.html
http://www.securityfocus.com/bid/3163
http://www.sendmail.org/8.11.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-007
https://exchange.xforce.ibmcloud.com/vulnerabilities/7016
2001-09-20
Published