AMaViS TNEF Compression Support File Overwrite Vulnerability
BID:1461
Info
AMaViS TNEF Compression Support File Overwrite Vulnerability
| Bugtraq ID: | 1461 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 11 2000 12:00AM |
| Updated: | Jul 11 2000 12:00AM |
| Credit: | Posted to BugTraq on July 11, 2000 by Rainer Link <[email protected]> |
| Vulnerable: |
AMaViS AMaViS 0.2 -pre6-20000604 |
| Not Vulnerable: |
AMaViS AMaViS 0.2 pre-5 AMaViS AMaViS 0.2 pre-4 AMaViS AMaViS 0.2 -pre6-20000704 |
Discussion
AMaViS TNEF Compression Support File Overwrite Vulnerability
AMaViS (A Mail Virus Scanner) decompresses mail encoded with Microsoft's TNEF compression scheme. Due to the implementation of this, a specially crafted compressed message could be designed to overwrite a file on the system with root access, for example /etc/passwd. AMaViS may run as root when used in conjunction with sendmail; it does not run as root with qmail, exim and postfix. See BugTraq ID 1450 for a related vulnerability.
AMaViS (A Mail Virus Scanner) decompresses mail encoded with Microsoft's TNEF compression scheme. Due to the implementation of this, a specially crafted compressed message could be designed to overwrite a file on the system with root access, for example /etc/passwd. AMaViS may run as root when used in conjunction with sendmail; it does not run as root with qmail, exim and postfix. See BugTraq ID 1450 for a related vulnerability.
Exploit / POC
AMaViS TNEF Compression Support File Overwrite Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
AMaViS TNEF Compression Support File Overwrite Vulnerability
Solution:
Upgrade to at least version 0.2.0-pre6--clm-rl--8-20000704 available from:
http://sourceforge.net/projects/amavis, http://cvsweb.amavis.org/ or http://www.computer-networking.de/~link/security/amavis-patch.php3#latest_sources
Solution:
Upgrade to at least version 0.2.0-pre6--clm-rl--8-20000704 available from:
http://sourceforge.net/projects/amavis, http://cvsweb.amavis.org/ or http://www.computer-networking.de/~link/security/amavis-patch.php3#latest_sources
References
AMaViS TNEF Compression Support File Overwrite Vulnerability
References:
References: