CVE-2003-0308

7 documents7 sources
Severity
7.2HIGH
EPSS
0.1%
top 81.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Debian LinuxSendmail Sendmail
Timeline
PublishedMay 15
Latest updateApr 29

Description

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

Debiansendmail< 8.12.9-2+3
NVDsendmail/sendmail8.12.3, 8.12.9, 8.9.3+2

Also affects: Debian Linux 3.0

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-c936-pgj9-534q: The Sendmail 82022-04-29
CVEList
CVE-2003-0308: The Sendmail 82003-05-17
OSV
CVE-2003-0308: The Sendmail 82003-05-15

📋Vendor Advisories

2
Red Hat
am-utils: insecure usage of temporary files2008-02-14
Debian
CVE-2003-0308: sendmail - The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create tem...2003

💬Community

1
Bugzilla
CVE-2008-1078 am-utils: insecure usage of temporary files2008-02-29
CVE-2003-0308 (HIGH CVSS 7.2) | The Sendmail 8.12.3 package in Debi | cvebase.io