CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special NOCHAR control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Affected Software

Name	Vendor	Start Version	End Version
Sendmail	Sendmail	2.6 (including)	2.6 (including)
Sendmail	Sendmail	2.6.1 (including)	2.6.1 (including)
Sendmail	Sendmail	2.6.2 (including)	2.6.2 (including)
Sendmail	Sendmail	3.0 (including)	3.0 (including)
Sendmail	Sendmail	3.0.1 (including)	3.0.1 (including)
Sendmail	Sendmail	3.0.2 (including)	3.0.2 (including)
Sendmail	Sendmail	3.0.3 (including)	3.0.3 (including)
Sendmail	Sendmail	8.9.0 (including)	8.9.0 (including)
Sendmail	Sendmail	8.9.1 (including)	8.9.1 (including)
Sendmail	Sendmail	8.9.2 (including)	8.9.2 (including)
Sendmail	Sendmail	8.9.3 (including)	8.9.3 (including)
Sendmail	Sendmail	8.10 (including)	8.10 (including)
Sendmail	Sendmail	8.10.1 (including)	8.10.1 (including)
Sendmail	Sendmail	8.10.2 (including)	8.10.2 (including)
Sendmail	Sendmail	8.11.0 (including)	8.11.0 (including)
Sendmail	Sendmail	8.11.1 (including)	8.11.1 (including)
Sendmail	Sendmail	8.11.2 (including)	8.11.2 (including)
Sendmail	Sendmail	8.11.3 (including)	8.11.3 (including)
Sendmail	Sendmail	8.11.4 (including)	8.11.4 (including)
Sendmail	Sendmail	8.11.5 (including)	8.11.5 (including)
Sendmail	Sendmail	8.11.6 (including)	8.11.6 (including)
Sendmail	Sendmail	8.12-beta10 (including)	8.12-beta10 (including)
Sendmail	Sendmail	8.12-beta12 (including)	8.12-beta12 (including)
Sendmail	Sendmail	8.12-beta16 (including)	8.12-beta16 (including)
Sendmail	Sendmail	8.12-beta5 (including)	8.12-beta5 (including)
Sendmail	Sendmail	8.12-beta7 (including)	8.12-beta7 (including)
Sendmail	Sendmail	8.12.0 (including)	8.12.0 (including)
Sendmail	Sendmail	8.12.1 (including)	8.12.1 (including)
Sendmail	Sendmail	8.12.2 (including)	8.12.2 (including)
Sendmail	Sendmail	8.12.3 (including)	8.12.3 (including)
Sendmail	Sendmail	8.12.4 (including)	8.12.4 (including)
Sendmail	Sendmail	8.12.5 (including)	8.12.5 (including)
Sendmail	Sendmail	8.12.6 (including)	8.12.6 (including)
Sendmail	Sendmail	8.12.7 (including)	8.12.7 (including)
Sendmail	Sendmail	8.12.8 (including)	8.12.8 (including)
Sendmail_switch	Sendmail	2.1 (including)	2.1 (including)
Sendmail_switch	Sendmail	2.1.1 (including)	2.1.1 (including)
Sendmail_switch	Sendmail	2.1.2 (including)	2.1.2 (including)
Sendmail_switch	Sendmail	2.1.3 (including)	2.1.3 (including)
Sendmail_switch	Sendmail	2.1.4 (including)	2.1.4 (including)
Sendmail_switch	Sendmail	2.1.5 (including)	2.1.5 (including)
Sendmail_switch	Sendmail	2.2 (including)	2.2 (including)
Sendmail_switch	Sendmail	2.2.1 (including)	2.2.1 (including)
Sendmail_switch	Sendmail	2.2.2 (including)	2.2.2 (including)
Sendmail_switch	Sendmail	2.2.3 (including)	2.2.3 (including)
Sendmail_switch	Sendmail	2.2.4 (including)	2.2.4 (including)
Sendmail_switch	Sendmail	2.2.5 (including)	2.2.5 (including)
Sendmail_switch	Sendmail	3.0 (including)	3.0 (including)
Sendmail_switch	Sendmail	3.0.1 (including)	3.0.1 (including)
Sendmail_switch	Sendmail	3.0.2 (including)	3.0.2 (including)
Sendmail_switch	Sendmail	3.0.3 (including)	3.0.3 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux 6.2	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*
Red Hat Linux 7.3	RedHat		*
Red Hat Linux 8.0	RedHat		*
Red Hat Linux 9	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0161
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References