Lucene search

MitreCVE-2002-2034

HistoryJul 14, 2005 - 4:00 a.m.

CVE-2002-2034

2005-07-1404:00:00

mitre

web.nvd.nist.gov

email sanitizer

procmail

remote attackers

mail filter bypass

arbitrary code execution

crafted attachments

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.025

Percentile

90.3%

JSON

The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.

Affected configurations

Nvd

Node

john_hardinprocmail_email_sanitizerMatch1.131

john_hardinprocmail_email_sanitizerMatch1.132

VendorProductVersionCPE
john_hardinprocmail_email_sanitizer1.131cpe:2.3:a:john_hardin:procmail_email_sanitizer:1.131:*:*:*:*:*:*:*
john_hardinprocmail_email_sanitizer1.132cpe:2.3:a:john_hardin:procmail_email_sanitizer:1.132:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
john_hardin	procmail_email_sanitizer	1.131	cpe:2.3:a:john_hardin:procmail_email_sanitizer:1.131:::::::*
john_hardin	procmail_email_sanitizer	1.132	cpe:2.3:a:john_hardin:procmail_email_sanitizer:1.132:::::::*

References

www.impsec.org/email-tools/sanitizer-changelog.html

www.iss.net/security_center/static/7847.php

www.securityfocus.com/bid/3820

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.025

Percentile

90.3%

JSON

Related for CVE-2002-2034