Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities
BID:9692
Info
Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities
| Bugtraq ID: | 9692 |
| Class: | Unknown |
| CVE: |
CVE-2004-0104 CVE-2004-0105 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of these vulnerabilities has been credited to Ulf Härnhammar. |
| Vulnerable: |
SGI ProPack 2.4 SGI ProPack 2.3 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 2.1 Redhat Advanced Workstation for the Itanium Processor 2.1 Metamail Metamail 2.7 Gentoo Linux 1.4 |
| Not Vulnerable: | |
Discussion
Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities
Metamail has been reported prone to multiple vulnerabilities that may provide for arbitrary code execution. Two buffer overflow vulnerabilities have been reported to affect Metamail. Additionally, two format string-handling vulnerabilities have been reported. These issues may also be exploited by a remote attacker to execute arbitrary code.
Metamail has been reported prone to multiple vulnerabilities that may provide for arbitrary code execution. Two buffer overflow vulnerabilities have been reported to affect Metamail. Additionally, two format string-handling vulnerabilities have been reported. These issues may also be exploited by a remote attacker to execute arbitrary code.
Exploit / POC
Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities
The following proof of concept is available:
The following proof of concept is available:
Solution / Fix
Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities
Solution:
SGI has released an advisory 20040203-01-U to address this and other issues in SGI ProPack 2.4 and ProPack 2.3. Please see the referenced advisory for more information. Fixes are available below.
Debian has released an advisory (DSA 449-1) to address these issues. Please see the attached advisory for further details on obtaining and applying fixes.
Red Hat has released a security advisory (RHSA-2004:073-05) and fixes to address this issue in Red Hat enterprise products. Customers who are subscribed to the Red Hat Network may invoke the up2date utility to retrieve relevant fixes. Further details may be found in the referenced advisory.
Slackware have released an advisory (SSA:2004-049-02) and fixes to address thes issues.
Mandrake has released an advisory (MDKSA-2004:014) to address these issues. Please see the attached advisory for further details on obtaining and applying fixes.
Red Hat Fedora Legacy has released advisory FLSA:1305 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information.
Gentoo Linux has released advisory GLSA 200405-17 dealing with this issue. Please see the referenced advisory for more information. Affected users are urged to run the following commands as superuser:
emerge sync
emerge -pv ">=net-mail/metamail-2.7.45.3"
emerge ">=net-mail/metamail-2.7.45.3"
SGI ProPack 2.3
SGI ProPack 2.4
Metamail Metamail 2.7
Solution:
SGI has released an advisory 20040203-01-U to address this and other issues in SGI ProPack 2.4 and ProPack 2.3. Please see the referenced advisory for more information. Fixes are available below.
Debian has released an advisory (DSA 449-1) to address these issues. Please see the attached advisory for further details on obtaining and applying fixes.
Red Hat has released a security advisory (RHSA-2004:073-05) and fixes to address this issue in Red Hat enterprise products. Customers who are subscribed to the Red Hat Network may invoke the up2date utility to retrieve relevant fixes. Further details may be found in the referenced advisory.
Slackware have released an advisory (SSA:2004-049-02) and fixes to address thes issues.
Mandrake has released an advisory (MDKSA-2004:014) to address these issues. Please see the attached advisory for further details on obtaining and applying fixes.
Red Hat Fedora Legacy has released advisory FLSA:1305 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information.
Gentoo Linux has released advisory GLSA 200405-17 dealing with this issue. Please see the referenced advisory for more information. Affected users are urged to run the following commands as superuser:
emerge sync
emerge -pv ">=net-mail/metamail-2.7.45.3"
emerge ">=net-mail/metamail-2.7.45.3"
SGI ProPack 2.3
-
SGI patch10051.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0051.tar.gz
SGI ProPack 2.4
-
SGI patch10051.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0051.tar.gz
Metamail Metamail 2.7
-
Debian metamail_2.7-45woody.2_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_alpha.deb -
Debian metamail_2.7-45woody.2_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_arm.deb -
Debian metamail_2.7-45woody.2_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_hppa.deb -
Debian metamail_2.7-45woody.2_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_i386.deb -
Debian metamail_2.7-45woody.2_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_ia64.deb -
Debian metamail_2.7-45woody.2_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_m68k.deb -
Debian metamail_2.7-45woody.2_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_mips.deb -
Debian metamail_2.7-45woody.2_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_mipsel.deb -
Debian metamail_2.7-45woody.2_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_powerpc.deb -
Debian metamail_2.7-45woody.2_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_s390.deb -
Debian metamail_2.7-45woody.2_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-4 5woody.2_sparc.deb -
Fedora metamail-2.7-29.7.x.legacy.i386.rpm
RedHat Linux 7.2 & 7.3
http://download.fedoralegacy.org/redhat/7.2/updates/i386/metamail-2.7- 29.7.x.legacy.i386.rpm -
Mandrake metamail-2.7-9.1.90mdk.i586.rpm
Mandrake Linux 9.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake metamail-2.7-9.1.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake metamail-2.7-9.1.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php -
Mandrake metamail-2.7-9.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake metamail-2.7-9.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake metamail-2.7-9.1.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake metamail-2.7-9.1.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php -
Slackware metamail-2.7-i386-2.tgz
Slackware 8.1
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/m etamail-2.7-i386-2.tgz -
Slackware metamail-2.7-i386-2.tgz
Slackware 9.0
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/m etamail-2.7-i386-2.tgz -
Slackware metamail-2.7-i486-2.tgz
Slackware 9.1
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m etamail-2.7-i486-2.tgz -
Slackware metamail-2.7-i486-2.tgz
Slackware -current
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/me tamail-2.7-i486-2.tgz
References
Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities
References:
References:
- Metamail Homepage (Metamail)
- RHSA-2004:073-05 - Updated metamail packages fix vulnerabilities (Red Hat)
- metamail format string bugs and buffer overflows (Ulf Harnhammar