Joined: 12 May 2004
|Posted: Fri Mar 17, 2006 7:26 pm Post subject: [ GLSA 200603-16 ] Metamail: Buffer overflow
|Gentoo Linux Security Advisory
Title: Metamail: Buffer overflow (GLSA 200603-16)
Date: March 17, 2006
A buffer overflow in Metamail could possibly be exploited to execute arbitrary code.
Metamail is a program that decodes MIME encoded mail.
Vulnerable: < 18.104.22.168-r1
Unaffected: >= 22.214.171.124-r1
Architectures: All supported architectures
Ulf Harnhammar discovered a buffer overflow in Metamail when processing mime boundraries.
By sending a specially crafted email, attackers could potentially exploit this vulnerability to crash Metamail or to execute arbitrary code.
There is no known workaround at this time.
All Metamail users should update to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/metamail-126.96.36.199-r1"
Last edited by GLSA on Sun May 07, 2006 5:00 pm; edited 1 time in total