Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1337

CWE-120 — Classic Buffer Overflow13 documents9 sources

Severity

10.0CRITICAL

EPSS

53.9%

top 1.99%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sendmail Sendmail Gentoo Linux HP Hp-ux +5 more

Timeline

PublishedMar 7

Latest updateMay 3

Description

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages8 packages

▶NVDsendmail/sendmail8.10.0 — 8.11.6+2

▶Debiansendmail< 8.13.0.PreAlpha4-0+3

▶NVDhp/hp-ux6 versions+5

▶NVDsun/sunos5.7, 5.8+1

▶NVDgentoo/linux1.4

Also affects: Netbsd 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6

Patches

Patch: www.cert.org ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vpw-h4q9-62fp: Buffer overflow in Sendmail 5↗2022-05-03

▶

CVEList

CVE-2002-1337: Buffer overflow in Sendmail 5↗2004-09-01

▶

OSV

CVE-2002-1337: Buffer overflow in Sendmail 5↗2003-03-07

▶

💥Exploits & PoCs

Exploit-DB

Sendmail 8.12.x - Header Processing Buffer Overflow (1)↗2003-03-02

▶

Exploit-DB

Sendmail 8.12.x - Header Processing Buffer Overflow (2)↗2003-03-02

▶

Exploit-DB

Sendmail 8.11.x (Linux/i386) - Local Privilege Escalation↗2001-01-01

▶

🔍Detection Rules

Suricata

GPL SMTP EXPN overflow attempt↗2010-09-23

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-03-29

▶

Red Hat

security flaw↗2003-03-03

▶

Debian

CVE-2002-1337: sendmail - Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute ar...↗2002

▶

💬Community

Bugzilla

CVE-2002-1337 security flaw↗2018-08-16

▶

Bugzilla

CVE-2003-0161 security flaw↗2018-08-16

▶