Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulnerability

Bugtraq ID:	12934
Class:	Boundary Condition Error
CVE:	CVE-2005-0926
Remote:	Yes
Local:	No
Published:	Mar 29 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Announced by the vendor.
Vulnerable:	Sylpheed Sylpheed 1.9.4 Sylpheed Sylpheed 1.9.3 Sylpheed Sylpheed 1.9.2 Sylpheed Sylpheed 1.9.1 Sylpheed Sylpheed 1.9 Sylpheed Sylpheed 1.0.3 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.4 Sylpheed Sylpheed 1.0.2 Sylpheed Sylpheed 1.0.1 Sylpheed Sylpheed 1.0 .0 + Turbolinux Home + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Sylpheed Sylpheed 0.9.99 Sylpheed Sylpheed 0.9.12 Sylpheed Sylpheed 0.9.11 Sylpheed Sylpheed 0.9.10 Sylpheed Sylpheed 0.9.9 Sylpheed Sylpheed 0.9.8 Sylpheed Sylpheed 0.9.7 Sylpheed Sylpheed 0.9.6 Sylpheed Sylpheed 0.9.5 Sylpheed Sylpheed 0.9.4 + S.u.S.E. Linux Personal 9.3 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Sylpheed Sylpheed 0.8.11 Sylpheed Sylpheed 0.8 Redhat Fedora Core3 Redhat Fedora Core2
Not Vulnerable:	Sylpheed Sylpheed 1.9.5 Sylpheed Sylpheed 1.0.4 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1

Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulnerability

Sylpheed is prone to a buffer overflow when handling email attachments with MIME-encoded file names.

Succesful exploitation may allow arbitrary code execution in the security context of the application.

Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulnerability

Solution:
This issue has been addressed in Sylpheed 1.0.4 and 1.9.5.

Fedora has released advisories and fixes for Fedora Core 2 and Core 3.

Upgrades are available for users of Gentoo Linux:

All Sylpheed users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.4"

All Sylpheed-claws users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.4"

For more information, please see the referenced Gentoo Linux advisory.

TurboLinux has released advisory TLSA-2005-44 along with fixes dealing with this issue. Please see the referenced advisory for more information.


Redhat Fedora Core2

• Fedora sylpheed-1.0.4-0.fc2.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386 /sylpheed-1.0.4-0.fc2.i386.rpm


• Fedora sylpheed-1.0.4-0.fc2.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_ 64/sylpheed-1.0.4-0.fc2.x86_64.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc2.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386 /debug/sylpheed-debuginfo-1.0.4-0.fc2.i386.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc2.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_ 64/debug/sylpheed-debuginfo-1.0.4-0.fc2.x86_64.rpm

Redhat Fedora Core3

• Fedora sylpheed-1.0.4-0.fc3.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386 /sylpheed-1.0.4-0.fc3.i386.rpm


• Fedora sylpheed-1.0.4-0.fc3.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_ 64/sylpheed-1.0.4-0.fc3.x86_64.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc3.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386 /debug/sylpheed-debuginfo-1.0.4-0.fc3.i386.rpm


• Fedora sylpheed-debuginfo-1.0.4-0.fc3.x86_64.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_ 64/debug/sylpheed-debuginfo-1.0.4-0.fc3.x86_64.rpm

Sylpheed Sylpheed 0.8

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.8.11

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.10

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.11

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.12

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.4

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.5

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.6

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.7

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.8

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.9

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 0.9.99

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0 .0

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0.1

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0.2

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.0.3

• Sylpheed sylpheed-1.0.4.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.4.tar.gz

Sylpheed Sylpheed 1.9

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.1

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.2

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.3

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed Sylpheed 1.9.4

• Sylpheed sylpheed-1.9.5.tar.gz
  http://sylpheed.good-day.net/sylpheed/v1.9/sylpheed-1.9.5.tar.gz

Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulnerability

References:

• Sylpheed Home Page (Sylpheed)