Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0681

9 documents9 sources

Severity

7.5HIGH

EPSS

12.4%

top 6.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server Gentoo Linux +11 more

Timeline

PublishedOct 6

Latest updateApr 29

Description

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages14 packages

▶Debiansendmail< 8.12.10-1+3

▶NVDsendmail/sendmail33 versions+32

▶NVDsendmail/sendmail_pro8.9.2, 8.9.3+1

▶NVDsendmail/sendmail_switch16 versions+15

▶NVDsendmail/advanced_message_server1.2, 1.3+1

Also affects: Netbsd 1.4.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1

Patches

Patch: www.sendmail.org ↗Patch: www.sendmail.org ↗

🔴Vulnerability Details

GHSA

GHSA-3jjj-qxx6-gqmg: A "potential buffer overflow in ruleset parsing" for Sendmail 8↗2022-04-29

▶

OSV

CVE-2003-0681: A "potential buffer overflow in ruleset parsing" for Sendmail 8↗2003-10-06

▶

CVEList

CVE-2003-0681: A "potential buffer overflow in ruleset parsing" for Sendmail 8↗2003-09-18

▶

VulnCheck

sendmail advanced_message_server Out-of-bounds Write↗2003

▶

💥Exploits & PoCs

Exploit-DB

Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun↗2003-09-17

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-09-17

▶

Debian

CVE-2003-0681: sendmail - A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using...↗2003

▶

💬Community

Bugzilla

CVE-2003-0681 security flaw↗2018-08-16

▶