GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Mar 17, 2006 7:26 pm Post subject: [ GLSA 200603-16 ] Metamail: Buffer overflow |
 |
|
Gentoo Linux Security Advisory
Title: Metamail: Buffer overflow (GLSA 200603-16)
Severity: high
Exploitable: remote
Date: March 17, 2006
Bug(s): #126052
ID: 200603-16
Synopsis
A buffer overflow in Metamail could possibly be exploited to execute arbitrary code.
Background
Metamail is a program that decodes MIME encoded mail.
Affected Packages
Package: net-mail/metamail
Vulnerable: < 2.7.45.3-r1
Unaffected: >= 2.7.45.3-r1
Architectures: All supported architectures
Description
Ulf Harnhammar discovered a buffer overflow in Metamail when processing mime boundraries.
Impact
By sending a specially crafted email, attackers could potentially exploit this vulnerability to crash Metamail or to execute arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Metamail users should update to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/metamail-2.7.45.3-r1" |
References
CVE-2006-0709
Last edited by GLSA on Sun May 07, 2006 5:00 pm; edited 1 time in total |
|
News & Announcements
