CVE-2003-0694 - 漏洞详情

CVE-2003-0694 (CNNVD-200310-019)

CRITICAL

中文标题:

Sendmail prescan头处理远程溢出漏洞

英文标题:

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer...

CVSS分数: 10.0

发布时间: 2003-09-18 04:00:00

漏洞类型: 授权问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Sendmail是一款互联网上最流行的邮件传输代理(MTA)。 Sendmail中的prescan()函数(与 http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=4625 描述的漏洞不同)存在问题，远程攻击者可以利用这个漏洞可能以Sendmail进程权限在系统上执行任意指令。在Linux上的本地利用方法可以通过recipient.c和sendtolist()，利用用户提交的数据覆盖指针，在调用free()函数时可能导致指令重定向，攻击者可以构建恶意邮件消息提交给Sendmail解析可能以Sendmail进程权限在系统上执行任意指令。一般的利用方式是通过parseaddr()函数间接调用prescan()函数来覆盖一些数据结构来触发溢出，也有可能存在其他的利用方式，远程利用此漏洞也是可能的。

英文描述:

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CWE类型:

（暂无数据）

受影响产品

厂商	产品	版本	版本范围	平台	CPE
sendmail	advanced_message_server	1.2	-	-	`cpe:2.3:a:sendmail:advanced_message_server:1.2:::::::*`
sendmail	advanced_message_server	1.3	-	-	`cpe:2.3:a:sendmail:advanced_message_server:1.3:::::::*`
sendmail	sendmail	2.6	-	-	`cpe:2.3:a:sendmail:sendmail:2.6:::::::*`
sendmail	sendmail	2.6.1	-	-	`cpe:2.3:a:sendmail:sendmail:2.6.1:::::::*`
sendmail	sendmail	2.6.2	-	-	`cpe:2.3:a:sendmail:sendmail:2.6.2:::::::*`
sendmail	sendmail	3.0	-	-	`cpe:2.3:a:sendmail:sendmail:3.0:::::::*`
sendmail	sendmail	3.0.1	-	-	`cpe:2.3:a:sendmail:sendmail:3.0.1:::::::*`
sendmail	sendmail	3.0.2	-	-	`cpe:2.3:a:sendmail:sendmail:3.0.2:::::::*`
sendmail	sendmail	3.0.3	-	-	`cpe:2.3:a:sendmail:sendmail:3.0.3:::::::*`
sendmail	sendmail	8.8.8	-	-	`cpe:2.3:a:sendmail:sendmail:8.8.8:::::::*`
sendmail	sendmail	8.9.0	-	-	`cpe:2.3:a:sendmail:sendmail:8.9.0:::::::*`
sendmail	sendmail	8.9.1	-	-	`cpe:2.3:a:sendmail:sendmail:8.9.1:::::::*`
sendmail	sendmail	8.9.2	-	-	`cpe:2.3:a:sendmail:sendmail:8.9.2:::::::*`
sendmail	sendmail	8.9.3	-	-	`cpe:2.3:a:sendmail:sendmail:8.9.3:::::::*`
sendmail	sendmail	8.10	-	-	`cpe:2.3:a:sendmail:sendmail:8.10:::::::*`
sendmail	sendmail	8.10.1	-	-	`cpe:2.3:a:sendmail:sendmail:8.10.1:::::::*`
sendmail	sendmail	8.10.2	-	-	`cpe:2.3:a:sendmail:sendmail:8.10.2:::::::*`
sendmail	sendmail	8.11.0	-	-	`cpe:2.3:a:sendmail:sendmail:8.11.0:::::::*`
sendmail	sendmail	8.11.1	-	-	`cpe:2.3:a:sendmail:sendmail:8.11.1:::::::*`
sendmail	sendmail	8.11.2	-	-	`cpe:2.3:a:sendmail:sendmail:8.11.2:::::::*`
sendmail	sendmail	8.11.3	-	-	`cpe:2.3:a:sendmail:sendmail:8.11.3:::::::*`
sendmail	sendmail	8.11.4	-	-	`cpe:2.3:a:sendmail:sendmail:8.11.4:::::::*`
sendmail	sendmail	8.11.5	-	-	`cpe:2.3:a:sendmail:sendmail:8.11.5:::::::*`
sendmail	sendmail	8.11.6	-	-	`cpe:2.3:a:sendmail:sendmail:8.11.6:::::::*`
sendmail	sendmail	8.12	-	-	`cpe:2.3:a:sendmail:sendmail:8.12:beta10::::::`
sendmail	sendmail	8.12.0	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.0:::::::*`
sendmail	sendmail	8.12.1	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.1:::::::*`
sendmail	sendmail	8.12.2	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.2:::::::*`
sendmail	sendmail	8.12.3	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.3:::::::*`
sendmail	sendmail	8.12.4	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.4:::::::*`
sendmail	sendmail	8.12.5	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.5:::::::*`
sendmail	sendmail	8.12.6	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.6:::::::*`
sendmail	sendmail	8.12.7	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.7:::::::*`
sendmail	sendmail	8.12.8	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.8:::::::*`
sendmail	sendmail	8.12.9	-	-	`cpe:2.3:a:sendmail:sendmail:8.12.9:::::::*`
sendmail	sendmail_pro	8.9.2	-	-	`cpe:2.3:a:sendmail:sendmail_pro:8.9.2:::::::*`
sendmail	sendmail_pro	8.9.3	-	-	`cpe:2.3:a:sendmail:sendmail_pro:8.9.3:::::::*`
sendmail	sendmail_switch	2.1	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.1:::::::*`
sendmail	sendmail_switch	2.1.1	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.1.1:::::::*`
sendmail	sendmail_switch	2.1.2	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.1.2:::::::*`
sendmail	sendmail_switch	2.1.3	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.1.3:::::::*`
sendmail	sendmail_switch	2.1.4	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.1.4:::::::*`
sendmail	sendmail_switch	2.1.5	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.1.5:::::::*`
sendmail	sendmail_switch	2.2	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.2:::::::*`
sendmail	sendmail_switch	2.2.1	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.2.1:::::::*`
sendmail	sendmail_switch	2.2.2	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.2.2:::::::*`
sendmail	sendmail_switch	2.2.3	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.2.3:::::::*`
sendmail	sendmail_switch	2.2.4	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.2.4:::::::*`
sendmail	sendmail_switch	2.2.5	-	-	`cpe:2.3:a:sendmail:sendmail_switch:2.2.5:::::::*`
sendmail	sendmail_switch	3.0	-	-	`cpe:2.3:a:sendmail:sendmail_switch:3.0:::::::*`
sendmail	sendmail_switch	3.0.1	-	-	`cpe:2.3:a:sendmail:sendmail_switch:3.0.1:::::::*`
sendmail	sendmail_switch	3.0.2	-	-	`cpe:2.3:a:sendmail:sendmail_switch:3.0.2:::::::*`
sendmail	sendmail_switch	3.0.3	-	-	`cpe:2.3:a:sendmail:sendmail_switch:3.0.3:::::::*`
sgi	irix	6.5.15	-	-	`cpe:2.3:o:sgi:irix:6.5.15:::::::*`
sgi	irix	6.5.16	-	-	`cpe:2.3:o:sgi:irix:6.5.16:::::::*`
sgi	irix	6.5.17f	-	-	`cpe:2.3:o:sgi:irix:6.5.17f:::::::*`
sgi	irix	6.5.17m	-	-	`cpe:2.3:o:sgi:irix:6.5.17m:::::::*`
sgi	irix	6.5.18f	-	-	`cpe:2.3:o:sgi:irix:6.5.18f:::::::*`
sgi	irix	6.5.18m	-	-	`cpe:2.3:o:sgi:irix:6.5.18m:::::::*`
sgi	irix	6.5.19f	-	-	`cpe:2.3:o:sgi:irix:6.5.19f:::::::*`
sgi	irix	6.5.19m	-	-	`cpe:2.3:o:sgi:irix:6.5.19m:::::::*`
sgi	irix	6.5.20f	-	-	`cpe:2.3:o:sgi:irix:6.5.20f:::::::*`
sgi	irix	6.5.20m	-	-	`cpe:2.3:o:sgi:irix:6.5.20m:::::::*`
sgi	irix	6.5.21f	-	-	`cpe:2.3:o:sgi:irix:6.5.21f:::::::*`
sgi	irix	6.5.21m	-	-	`cpe:2.3:o:sgi:irix:6.5.21m:::::::*`
apple	mac_os_x	10.2	-	-	`cpe:2.3:o:apple:mac_os_x:10.2:::::::*`
apple	mac_os_x	10.2.1	-	-	`cpe:2.3:o:apple:mac_os_x:10.2.1:::::::*`
apple	mac_os_x	10.2.2	-	-	`cpe:2.3:o:apple:mac_os_x:10.2.2:::::::*`
apple	mac_os_x	10.2.3	-	-	`cpe:2.3:o:apple:mac_os_x:10.2.3:::::::*`
apple	mac_os_x	10.2.4	-	-	`cpe:2.3:o:apple:mac_os_x:10.2.4:::::::*`
apple	mac_os_x	10.2.5	-	-	`cpe:2.3:o:apple:mac_os_x:10.2.5:::::::*`
apple	mac_os_x	10.2.6	-	-	`cpe:2.3:o:apple:mac_os_x:10.2.6:::::::*`
apple	mac_os_x_server	10.2	-	-	`cpe:2.3:o:apple:mac_os_x_server:10.2:::::::*`
apple	mac_os_x_server	10.2.1	-	-	`cpe:2.3:o:apple:mac_os_x_server:10.2.1:::::::*`
apple	mac_os_x_server	10.2.2	-	-	`cpe:2.3:o:apple:mac_os_x_server:10.2.2:::::::*`
apple	mac_os_x_server	10.2.3	-	-	`cpe:2.3:o:apple:mac_os_x_server:10.2.3:::::::*`
apple	mac_os_x_server	10.2.4	-	-	`cpe:2.3:o:apple:mac_os_x_server:10.2.4:::::::*`
apple	mac_os_x_server	10.2.5	-	-	`cpe:2.3:o:apple:mac_os_x_server:10.2.5:::::::*`
apple	mac_os_x_server	10.2.6	-	-	`cpe:2.3:o:apple:mac_os_x_server:10.2.6:::::::*`
compaq	tru64	4.0f	-	-	`cpe:2.3:o:compaq:tru64:4.0f:::::::*`
compaq	tru64	4.0f_pk6_bl17	-	-	`cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:::::::*`
compaq	tru64	4.0f_pk7_bl18	-	-	`cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:::::::*`
compaq	tru64	4.0f_pk8_bl22	-	-	`cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:::::::*`
compaq	tru64	4.0g	-	-	`cpe:2.3:o:compaq:tru64:4.0g:::::::*`
compaq	tru64	4.0g_pk3_bl17	-	-	`cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:::::::*`
compaq	tru64	4.0g_pk4_bl22	-	-	`cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:::::::*`
compaq	tru64	5.1	-	-	`cpe:2.3:o:compaq:tru64:5.1:::::::*`
compaq	tru64	5.1_pk3_bl17	-	-	`cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:::::::*`
compaq	tru64	5.1_pk4_bl18	-	-	`cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:::::::*`
compaq	tru64	5.1_pk5_bl19	-	-	`cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:::::::*`
compaq	tru64	5.1_pk6_bl20	-	-	`cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:::::::*`
compaq	tru64	5.1a	-	-	`cpe:2.3:o:compaq:tru64:5.1a:::::::*`
compaq	tru64	5.1a_pk1_bl1	-	-	`cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:::::::*`
compaq	tru64	5.1a_pk2_bl2	-	-	`cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:::::::*`
compaq	tru64	5.1a_pk3_bl3	-	-	`cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:::::::*`
compaq	tru64	5.1a_pk4_bl21	-	-	`cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:::::::*`
compaq	tru64	5.1a_pk5_bl23	-	-	`cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:::::::*`
compaq	tru64	5.1b	-	-	`cpe:2.3:o:compaq:tru64:5.1b:::::::*`
compaq	tru64	5.1b_pk1_bl1	-	-	`cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:::::::*`
compaq	tru64	5.1b_pk2_bl22	-	-	`cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:::::::*`
freebsd	freebsd	3.0	-	-	`cpe:2.3:o:freebsd:freebsd:3.0:releng::::::`
freebsd	freebsd	4.0	-	-	`cpe:2.3:o:freebsd:freebsd:4.0:releng::::::`
freebsd	freebsd	4.3	-	-	`cpe:2.3:o:freebsd:freebsd:4.3:release_p38::::::`
freebsd	freebsd	4.4	-	-	`cpe:2.3:o:freebsd:freebsd:4.4:release_p42::::::`
freebsd	freebsd	4.5	-	-	`cpe:2.3:o:freebsd:freebsd:4.5:release_p32::::::`
freebsd	freebsd	4.6	-	-	`cpe:2.3:o:freebsd:freebsd:4.6:release_p20::::::`
freebsd	freebsd	4.7	-	-	`cpe:2.3:o:freebsd:freebsd:4.7:release_p17::::::`
freebsd	freebsd	4.8	-	-	`cpe:2.3:o:freebsd:freebsd:4.8:release_p6::::::`
freebsd	freebsd	4.9	-	-	`cpe:2.3:o:freebsd:freebsd:4.9:pre-release::::::`
freebsd	freebsd	5.0	-	-	`cpe:2.3:o:freebsd:freebsd:5.0:release_p14::::::`
freebsd	freebsd	5.1	-	-	`cpe:2.3:o:freebsd:freebsd:5.1:release_p5::::::`
gentoo	linux	0.5	-	-	`cpe:2.3:o:gentoo:linux:0.5:::::::*`
gentoo	linux	0.7	-	-	`cpe:2.3:o:gentoo:linux:0.7:::::::*`
gentoo	linux	1.1a	-	-	`cpe:2.3:o:gentoo:linux:1.1a:::::::*`
gentoo	linux	1.2	-	-	`cpe:2.3:o:gentoo:linux:1.2:::::::*`
gentoo	linux	1.4	-	-	`cpe:2.3:o:gentoo:linux:1.4:rc1::::::`
hp	hp-ux	11.00	-	-	`cpe:2.3:o:hp:hp-ux:11.00:::::::*`
hp	hp-ux	11.0.4	-	-	`cpe:2.3:o:hp:hp-ux:11.0.4:::::::*`
hp	hp-ux	11.11	-	-	`cpe:2.3:o:hp:hp-ux:11.11:::::::*`
hp	hp-ux	11.22	-	-	`cpe:2.3:o:hp:hp-ux:11.22:::::::*`
ibm	aix	4.3.3	-	-	`cpe:2.3:o:ibm:aix:4.3.3:::::::*`
ibm	aix	5.1	-	-	`cpe:2.3:o:ibm:aix:5.1:::::::*`
ibm	aix	5.2	-	-	`cpe:2.3:o:ibm:aix:5.2:::::::*`
netbsd	netbsd	1.4.3	-	-	`cpe:2.3:o:netbsd:netbsd:1.4.3:::::::*`
netbsd	netbsd	1.5	-	-	`cpe:2.3:o:netbsd:netbsd:1.5:::::::*`
netbsd	netbsd	1.5.1	-	-	`cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*`
netbsd	netbsd	1.5.2	-	-	`cpe:2.3:o:netbsd:netbsd:1.5.2:::::::*`
netbsd	netbsd	1.5.3	-	-	`cpe:2.3:o:netbsd:netbsd:1.5.3:::::::*`
netbsd	netbsd	1.6	-	-	`cpe:2.3:o:netbsd:netbsd:1.6:::::::*`
netbsd	netbsd	1.6.1	-	-	`cpe:2.3:o:netbsd:netbsd:1.6.1:::::::*`
sun	solaris	2.6	-	-	`cpe:2.3:o:sun:solaris:2.6:::::::*`
sun	solaris	7.0	-	-	`cpe:2.3:o:sun:solaris:7.0::x86:::::`
sun	solaris	8.0	-	-	`cpe:2.3:o:sun:solaris:8.0::x86:::::`
sun	solaris	9.0	-	-	`cpe:2.3:o:sun:solaris:9.0::sparc:::::`
sun	sunos	-	-	-	`cpe:2.3:o:sun:sunos:-:::::::*`
sun	sunos	5.7	-	-	`cpe:2.3:o:sun:sunos:5.7:::::::*`
sun	sunos	5.8	-	-	`cpe:2.3:o:sun:sunos:5.8:::::::*`
turbolinux	turbolinux_advanced_server	6.0	-	-	`cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:::::::*`
turbolinux	turbolinux_server	6.1	-	-	`cpe:2.3:o:turbolinux:turbolinux_server:6.1:::::::*`
turbolinux	turbolinux_server	6.5	-	-	`cpe:2.3:o:turbolinux:turbolinux_server:6.5:::::::*`
turbolinux	turbolinux_server	7.0	-	-	`cpe:2.3:o:turbolinux:turbolinux_server:7.0:::::::*`
turbolinux	turbolinux_server	8.0	-	-	`cpe:2.3:o:turbolinux:turbolinux_server:8.0:::::::*`
turbolinux	turbolinux_workstation	6.0	-	-	`cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:::::::*`
turbolinux	turbolinux_workstation	7.0	-	-	`cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:::::::*`
turbolinux	turbolinux_workstation	8.0	-	-	`cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail) mailing-list
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

RHSA-2003:283 vendor-advisory
cve.org

访问

20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] mailing-list
cve.org

访问

CA-2003-25 third-party-advisory
cve.org

访问

VU#784980 third-party-advisory
cve.org

访问

MDKSA-2003:092 vendor-advisory
cve.org

访问

oval:org.mitre.oval:def:603 vdb-entry
cve.org

访问

20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02) mailing-list
cve.org

访问

DSA-384 vendor-advisory
cve.org

访问

SCOSA-2004.11 vendor-advisory
cve.org

访问

RHSA-2003:284 vendor-advisory
cve.org

访问

20030917 GLSA: sendmail (200309-13) mailing-list
cve.org

访问

20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug mailing-list
cve.org

访问

oval:org.mitre.oval:def:572 vdb-entry
cve.org

访问

20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] mailing-list
cve.org

访问

oval:org.mitre.oval:def:2975 vdb-entry
cve.org

访问

CLA-2003:742 vendor-advisory
cve.org

访问

CVSS评分详情

10.0

CRITICAL

CVSS向量: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS版本: 2.0

机密性

COMPLETE

完整性

COMPLETE

可用性

COMPLETE

时间信息

发布时间:

2003-09-18 04:00:00

修改时间:

2024-08-08 02:05:11

创建时间:

2025-11-11 15:32:19

更新时间:

2025-11-11 15:48:51

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2003-0694`	2025-11-11 15:17:27	2025-11-11 07:32:19
NVD	`nvd_CVE-2003-0694`	2025-11-11 14:50:37	2025-11-11 07:41:05
CNNVD	`cnnvd_CNNVD-200310-019`	2025-11-11 15:08:43	2025-11-11 07:48:51

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:48:51

vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200310-019; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 授权问题
cnnvd_id: 未提取 -> CNNVD-200310-019
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:05

severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 10.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 145; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
cvss_score: 未提取 -> 10.0
cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 145
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2003-0694 (CNNVD-200310-019)

中文标题:

Sendmail prescan头处理远程溢出漏洞

英文标题:

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史