Elm Subject Line Buffer Overflow Vulnerability
BID:2470
Info
Elm Subject Line Buffer Overflow Vulnerability
| Bugtraq ID: | 2470 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 08 2001 12:00AM |
| Updated: | Mar 08 2001 12:00AM |
| Credit: | This vulnerability was announced to Bugtraq by Flatline <[email protected]> on March 8, 2001. |
| Vulnerable: |
Elm Development Group ELM 2.5 alpha3 |
| Not Vulnerable: | |
Discussion
Elm Subject Line Buffer Overflow Vulnerability
Elm is a popular Mail User Agent distributed with various versions of the UNIX Operating System. This vulnerability affects the version distributed by Hewlett Packard, as well as other operating systems using Elm 2.5alpha3 with setuid or setgid flags
A vulnerability in the subject line argument of the elm program could result in a buffer overflow. Due to insufficent bounds checking, it is possible to overflow the buffer holding the contents of the -s flag. It is possible to use this vulnerability to overwrite variables on the stack, including the return address, and execute arbitrary code. The elm binary is setgid mail, which could allow a user with this privilege to read and alter others' mail.
This makes it possible for a malicious local user to gain elevated privileges, execute arbitrary code with the privileges of mail, and potentially read and alter other users' mail.
Elm is a popular Mail User Agent distributed with various versions of the UNIX Operating System. This vulnerability affects the version distributed by Hewlett Packard, as well as other operating systems using Elm 2.5alpha3 with setuid or setgid flags
A vulnerability in the subject line argument of the elm program could result in a buffer overflow. Due to insufficent bounds checking, it is possible to overflow the buffer holding the contents of the -s flag. It is possible to use this vulnerability to overwrite variables on the stack, including the return address, and execute arbitrary code. The elm binary is setgid mail, which could allow a user with this privilege to read and alter others' mail.
This makes it possible for a malicious local user to gain elevated privileges, execute arbitrary code with the privileges of mail, and potentially read and alter other users' mail.
Exploit / POC
Elm Subject Line Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Elm Subject Line Buffer Overflow Vulnerability
Solution:
Upgrade available:
Elm Development Group ELM 2.5 alpha3
Solution:
Upgrade available:
Elm Development Group ELM 2.5 alpha3
-
Elm Development Group elm2.5.3.tar.gz
ftp://ftp.virginia.edu/pub/elm/elm2.5.3.tar.gz
References
Elm Subject Line Buffer Overflow Vulnerability
References:
References: