Test case 1298

Type: source code
Pairs: 1297-v1.0.0
State: good
Author: MIT
Status: candidate
Language: C
Submission Date: 09 Feb 2006

Description

Remote Sendmail Header Processing Vulnerability: CA-2003-07
Patched version.
From MIT benchmarks (models/sendmail/s1)
Buffer overflow vulnerability allows remote attackers to execute arbitrary
commands by sending e-mails with cleverly formatted address fields related to
the sender and recipient header comments.
Patched file: crackaddr-ok.c
Patched line number: 209, 226, 263, 266, 317, 319, 331, 346, 348, 352, 360,
364, 367, 374, 386, 426, 440, 442, 446, 454, 457, 460, 490, 501, 504, 506,
515, 518, 521, 524

Flaws

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Test Suites

Testing Exploitable Buffer Overflows From Open Source Code

Have any comments on this test case? Please, send us an email.