CVE-2000-0319

mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/1146	Patch Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424%40SECURITY.NNOV.RU

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eric_allman:sendmail:5.58:::::::*
	cpe:2.3:a:eric_allman:sendmail:5.59:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.6.x:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.7.1:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.7.2:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.7.3:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.7.4:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.7.5:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.7.6:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.7.x:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.8:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.8.1:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.8.2:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.8.3:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.8.4:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.8.5:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.8.x:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.9.1:::::::*
	cpe:2.3:a:eric_allman:sendmail:8.9.3:::::::*

History

07 Nov 2023, 01:55

Type	Values Removed	Values Added
References	~~{'url': 'http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU', 'name': "20000424 unsafe fgets() in sendmail's mail.local", 'tags': [], 'refsource': 'BUGTRAQ'}~~	() http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424%40SECURITY.NNOV.RU -

Information

Published : 2000-04-23 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2000-0319

Mitre link : CVE-2000-0319

CVE.ORG link : CVE-2000-0319

JSON object : View

Products Affected

eric_allman

sendmail

CWE

NVD-CWE-Other

{"id": "CVE-2000-0319", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-04-23T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/1146", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424%40SECURITY.NNOV.RU", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "mail.local in Sendmail 8.10.x does not properly identify the .\\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\\n."}], "lastModified": "2023-11-07T01:55:16.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eric_allman:sendmail:5.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D07F493-9C8D-44A4-8652-F28B46CBA27C"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:5.59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8863BB7-833C-462F-BF5F-B27761B05E6F"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.6.x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C2CB74-F51B-40B9-8008-5EAEA9E8F896"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D488B8-49D0-4AFD-A5C1-63CB036E3886"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3E2EE58-BCAD-4F26-94B6-F91CF1731429"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10AC2FAD-C4AD-46DD-88D1-4F99433B3476"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B730F70-5662-4BE4-8202-93E12620CBD2"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6D5E9F-275F-41EB-9707-6B7F129A700F"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02C8FAE4-24FF-49E3-A0D5-A94EBCC80EF4"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.7.x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94C2D541-2E53-44F1-A891-D601F402E1B8"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C973CF06-BEE8-4D79-8649-1510E9EFC29D"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56D2BAF2-F430-41A1-8DEE-1D9CB2A56C32"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E36E877-6028-49DE-8B2E-3087A141F8EC"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D8484F8-8712-4B55-A163-BA492B4D0095"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D15777E6-6951-4559-B19F-08CE6246BF33"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ADBDC99-E03C-42FC-9A97-133D45FF4810"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.8.x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A712A7D-1E91-4FE7-A871-5DF20F441198"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F81633D9-456A-4377-93F5-E294146FF2D0"}, {"criteria": "cpe:2.3:a:eric_allman:sendmail:8.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4273E93-B536-4B2C-8DAD-84A6F5E38890"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}