tnef 0-123 Mail Decoder File Overwrite Vulnerability

BID:1450

Info

Bugtraq ID: 1450
Class: Access Validation Error
CVE: CVE-2000-0614
Remote: Yes
Local: Yes
Published: Jul 10 2000 12:00AM
Updated: Jul 11 2009 02:56AM
Credit: A S.u.S.E. Advisory was released on July 10, 2000 which addressed this issue.
Vulnerable: SuSE Linux 6.4
SuSE Linux 6.3 ppc
SuSE Linux 6.3 alpha
SuSE Linux 6.3
Not Vulnerable:

Discussion

SuSE Linux versions 6.3 and 6.4 (and possibly other Linux distributions) came packaged with tnef, a package that extracts mail compressed by Microsoft Outlook. The compressed mail includes the path and filename to which the extracted message is written. A malicious email could be crafted to overwrite any file, for example /etc/passwd; the permissions needed to complete this action could be gained by mailing to root.
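One way a decoder can avoid this class of bug, shown as an added example that is not code from tnef or from the SuSE patch: reduce the name carried in the message to a bare file name and create it only inside a chosen output directory, refusing to replace anything that already exists. The function names and the 256-byte name limit are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for openat() and O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Reduce an attachment name taken from the message to a bare file name.
 * Returns 0 and fills out on success, -1 if nothing safe remains. */
int sanitize_attachment_name(const char *raw, char *out, size_t outlen)
{
    const char *base = raw;
    size_t len;

    /* Keep only the text after the last '/' or '\\'; the sender is
     * typically a Windows client, so both separators are treated alike. */
    for (const char *p = raw; *p != '\0'; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;

    len = strlen(base);
    if (len == 0 || len >= outlen)
        return -1;                      /* empty name, or it would not fit */
    if (strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return -1;                      /* directory references, not files */
    memcpy(out, base, len + 1);
    return 0;
}

/* Create the attachment inside the directory referred to by dirfd only.
 * O_EXCL makes the call fail if the name already exists (including a
 * symlink planted there), so no existing file is ever overwritten.
 * Returns a file descriptor, or -1 on a rejected name or open failure. */
int create_attachment(int dirfd, const char *raw_name)
{
    char name[256];                     /* assumed limit for this example */

    if (sanitize_attachment_name(raw_name, name, sizeof name) != 0)
        return -1;
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
```

With this handling a name such as /etc/passwd results in a new file called passwd inside the output directory, and the call fails if that file is already present.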

Exploit / POC

Currently the SecurityFocus staff are not aware of any exploits for this issue.

Solution / Fix

Solution:
The following patches are available from SuSE:
AXP:
cc4983da1084c911998ddcc589050ec2 ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/tnef-0-124.alpha.rpm
ae9b2d0e3231ee9ce35ee2fe0bd7788d ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/tnef-0-124.src.rpm

451485d86daa2b45ae897dc88bf8a61b ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/tnef-0-124.alpha.rpm
4bd689ba7abb7235b84570a90b3875d8 ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tnef-0-124.src.rpm

i386:
5909688f8568eb1f14591c1428235777 ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/tnef-0-124.i386.rpm
5c02ff06d98030541afb10c178a206f3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/tnef-0-124.src.rpm

58fa8e976df90aa09c30bf8fd5f6b2b5 ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/tnef-0-124.i386.rpm
1a99d0cd8315ae3a1990781b7977c4c6 ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tnef-0-124.src.rpm

PPC:
3be0b423e678923f27c42f8c59c09ab4 ftp://ftp.suse.com/pub/suse/ppc/update/6.3/ap1/tnef-0-124.ppc.rpm
5f7f8c3c025c2f114aa115532e250723 ftp://ftp.suse.com/pub/suse/ppc/update/6.3/zq1/tnef-0-124.src.rpm

b37d6374a7b0147dbd6bf9889ec68367 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/tnef-0-124.ppc.rpm
695fcd009a345638f049200dc0d6279d ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tnef-0-124.src.rpm
