{"vuid":"VU#784980","idnumber":"784980","name":"Sendmail prescan() buffer overflow vulnerability","keywords":["Sendmail","prescan() function","parseaddr()","strtok()"],"overview":"Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a  remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.","clean_desc":"Sendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in code that parses email addresses. When processing email messages, sendmail creates tokens from address elements (user, host, domain). The code that performs this function (prescan() in parseaddr.c) contains a vulnerability that could allow a remote attacker to overwrite memory structures and execute arbitary code. The attacker could exploit this vulnerability using an email message with a specially crafted address. Such a message could be passed through MTAs that are not vulnerable. Further information is available in a message by Michal Zalewski. This is a different vulnerability than the one described in CA-2003-12/VU#897604.","impact":"A remote attacker could execute arbitrary code with the privileges of the Sendmail process, typically root. The attacker may also be able to cause a denial of service.","resolution":"Upgrade or Patch\nUpgrade or apply a patch as specified by your vendor. Sendmail has released version 8.12.10 and a patch that resolve this issue.","workarounds":"Enable RunAsUser Consider setting the RunAsUser option to reduce the impact of this vulnerability. It is typically considered to be a good security practice to limit the privileges of applications and services whenever possible.","sysaffected":"","thanks":"This vulnerability was discovered by Michal Zalewski.","author":"This document was written by Art Manion.","public":["http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html","http://archives.neohapsis.com/archives/sendmail/2003-q3/0002.html","http://www.sendmail.org/8.12.10.html","http://www.sendmail.org/patches/parse8.359.2.8"],"cveids":["CVE-2003-0694"],"certadvisory":"CA-2003-25","uscerttechnicalalert":null,"datecreated":"2003-09-17T14:11:16Z","publicdate":"2003-09-17T00:00:00Z","datefirstpublished":"2003-09-17T18:05:24Z","dateupdated":"2003-09-29T22:39:47Z","revision":20,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"20","cam_impact":"17","cam_easeofexploitation":"9","cam_attackeraccessrequired":"20","cam_scorecurrent":"36.72","cam_scorecurrentwidelyknown":"42.4575","cam_scorecurrentwidelyknownexploited":"65.4075","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":36.72,"vulnote":null}