|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
The Metamail fails to check buffer overflow in the ShareThisHeader function in the splitmail.c file. With a specially crafted mail message, containing a long Subject header an attacker can cause buffer overflow and execute arbitrary code on system with privileges of the user, once the message is opened, resulting in a loss of confidentiality and/or integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
The buffer overflow doesn't occur in the metamail executable, but in the splitmail executable that's generated when you compile the metamail package. This overflow occurs when a message has an overly long Subject header. It is caused by a bad strcpy() statement in the function ShareThisHeader() in splitmail.c. An example can be found in the "testmail4.splitmail" file.
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, Ulf Harnhammar and various vendors has released a patch to address this vulnerability. See references.
|
|
Products |
|
Metamail
 |
2.2 |
2.4 |
2.5 |
2.6 |
2.7 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
