CVE-2003-0161

描述

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

受影響套件(3)

• Debian/sendmailfrom 0, < 8.12.9-1
• Debian/sendmailfrom 0, < 8.12.3-6.3
• Debian/sendmail-widefrom 0, < 8.12.3+3.5Wbeta-5.4

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2003-0161