CVE-2003-0688

7 documents7 sources
Severity
5.0MEDIUM
EPSS
1.7%
top 17.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Compaq Tru64Freebsd FreebsdOpenbsd Openbsd+3 more
Timeline
PublishedOct 20
Latest updateMay 3

Description

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

Debiansendmail< 8.12.9+3
NVDredhat/sendmail8.12.5-7, 8.12.8-4+1
NVDsendmail/sendmail8 versions+7
NVDsgi/irix6.5.19, 6.5.20, 6.5.21+2
NVDcompaq/tru645.0a, 5.1+1

Also affects: Freebsd 4.6, 4.7, 4.8, 5.0

Patches

Patch: www.redhat.comPatch: www.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-g82v-vwh4-vpjc: The DNS map code in Sendmail 82022-05-03
OSV
CVE-2003-0688: The DNS map code in Sendmail 82003-10-20
CVEList
CVE-2003-0688: The DNS map code in Sendmail 82003-09-03

📋Vendor Advisories

2
Red Hat
security flaw2003-08-25
Debian
CVE-2003-0688: sendmail - The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" featu...2003

💬Community

1
Bugzilla
CVE-2003-0688 security flaw2018-08-16
CVE-2003-0688 (MEDIUM CVSS 5) | The DNS map code in Sendmail 8.12.8 | cvebase.io