KDE KMail Long Attachment Filename Denial of Service Vulnerability

Bugtraq ID:	1380
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Jun 01 1999 12:00AM
Updated:	Jun 01 1999 12:00AM
Credit:	This vulnerability was posted to the VULN-DEV mailing list on June 1, 2000 by Lez<[email protected]>
Vulnerable:	KDE kmail 1.0.29 .1 KDE kmail 1.0.29 KDE kmail 1.0.28 KDE kmail 1.0.27 KDE kmail 1.0.26 KDE kmail 1.0.25 KDE kmail 1.0.24 KDE kmail
Not Vulnerable:	KDE kmail 1.0.29 .2

KDE KMail Long Attachment Filename Denial of Service Vulnerability

A buffer overflow vulnerability exists in versions of kmail, up to and including version 1.0.29.1. By sending an attachment with a filename in excess of approximately 250 bytes, it is possible to cause the mail recipient's kmail to crash. It is possible that this overflow could be further exploited to actually execute remote commands on the machine the mail is read on; this has not been demonstrated, however, and it appears to not be the case.

KDE KMail Long Attachment Filename Denial of Service Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

KDE KMail Long Attachment Filename Denial of Service Vulnerability

Solution:
Users of kmail should upgrade to at least version 1.0.29.2. This is the first version this vulnerability was fixed in.

KDE KMail Long Attachment Filename Denial of Service Vulnerability

References:

• "Kmail heap overflow" thread on Vuln-Dev list (Vuln-Dev)