Explore top 10 tips to secure your open-source projects now. Read More
×
A buffer overflow in Metamail could possibly be exploited to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200603-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Metamail: Buffer overflow Date: March 17, 2006 Bugs: #126052 ID: 200603-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow in Metamail could possibly be exploited to execute arbitrary code. Background ========= Metamail is a program that decodes MIME encoded mail. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/metamail < 2.7.45.3-r1 > = 2.7.45.3-r1 Description ========== Ulf Harnhammar discovered a buffer overflow in Metamail when processing mime boundraries. Impact ===== By sending a specially crafted email, attackers could potentially exploit this vulnerability to crash Metamail or to execute arbitrary code. Workaround ========= There is no known workaround at this time. Resolution ========= All Metamail users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-mail/metamail-2.7.45.3-r1" References ========= [ 1 ] CVE-2006-0709 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200603-16 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any securityconcerns should be addressed to
Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 995-1
Several format string bugs and buffer overflows were discovered in metamail, potentially allowing execution of arbitrary code remotely.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200405-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple vulnerabilities in metamail Date: May 21, 2004 Bugs: #42133 ID: 200405-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Several format string bugs and buffer overflows were discovered in metamail, potentially allowing execution of arbitrary code remotely. Background ========= Metamail is a program that decodes MIME encoded mail. It is therefore often automatically called when an email is received or read. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/metamail < 2.7.45.3 > = 2.7.45.3 Description ========== Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail. Impact ===== A remote attacker could send a malicious email message and execute arbitrary code with the rights of the process calling the Metamail program. Workaround ========= There is no known workaround at this time. Resolution ========= All users of Metamail should upgrade to the latest stable version: # emerge sync # emerge -pv "> =net-mail/metamail-2.7.45.3" # emerge "> =net-mail/metamail-2.7.45.3" References ========= [ 1 ] CAN-2004-0104 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0104 [ 2 ]CAN-2004-0105 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0105 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200405-17 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail.. Debian Security Advisory DSA 449-1
Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] metamail security update (SSA:2004-049-02) Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. Thanks to Ulf Härnhammar for discovering these problems and providing a patch. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0104 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0105 Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Wed Feb 18 03:44:42 PST 2004 patches/packages/metamail-2.7-i486-2.tgz: Patched two format string bugs and two buffer overflows in metamail which could lead to unauthorized code execution. Thanks to Ulf Härnhammar for discovering these problems and providing a patch. (* Security fix *) +--------------------------+ WHERE TO FIND THE NEW PACKAGE: +-----------------------------+ Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/metamail-2.7-i386-2.tgz Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/metamail-2.7-i386-2.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/metamail-2.7-i486-2.tgz Updated package for Slackware -current: MD5 SIGNATURES: +-------------+ Slackware 8.1 package: 2472a9ac8eefc7d919c0dff517651be6 metamail-2.7-i386-2.tgz Slackware 9.0 package: 4f283c4ad8429fd0e9ed92f3e95e93c7 metamail-2.7-i386-2.tgz Slackware 9.1package: d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz Slackware -current package: d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz INSTALLATION INSTRUCTIONS: +------------------------+ Upgrade the metamail package with upgradepkg: # upgradepkg metamail-2.7-i486-2.tgz +-----+ . Metamail for Arch Linux has been patched with essential updates to fix format string vulnerabilities and stack overflow concerns.. Metamail Security Update, Slackware Package Fix, MIME Code Execution. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.