Emil Multiple Buffer Overrun and Format String Vulnerabilities
BID:9974
Info
| Bugtraq ID: | 9974 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 25 2004 12:00AM |
| Updated: | Mar 25 2004 12:00AM |
| Credit: | Discovery of these issues is credited to Ulf Harnhammar. |
| Vulnerable: | emil emil 2.1.0-beta9; emil emil 2.0.5; emil emil 2.0.4 |
| Not Vulnerable: | |
Discussion
Multiple locally and remotely exploitable buffer overrun and format string vulnerabilities were reported in emil. These could permit execution of arbitrary code in the context of the software.
Exploit / POC
The following proof-of-concept was released that includes test e-mails to reproduce the condition:
Solution / Fix
Solution:
Debian has released advisory DSA 468-1 to address these issues. Please see the attached advisory for details on obtaining and applying fixes.
SUSE has released advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.
emil emil 2.1.0-beta9
- Debian emil_2.1.0-beta9-11woody1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_alpha.deb
- Debian emil_2.1.0-beta9-11woody1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_arm.deb
- Debian emil_2.1.0-beta9-11woody1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_hppa.deb
- Debian emil_2.1.0-beta9-11woody1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_i386.deb
- Debian emil_2.1.0-beta9-11woody1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_ia64.deb
- Debian emil_2.1.0-beta9-11woody1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_m68k.deb
- Debian emil_2.1.0-beta9-11woody1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_mips.deb
- Debian emil_2.1.0-beta9-11woody1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_mipsel.deb
- Debian emil_2.1.0-beta9-11woody1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_powerpc.deb
- Debian emil_2.1.0-beta9-11woody1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_s390.deb
- Debian emil_2.1.0-beta9-11woody1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_sparc.deb
References
References:
- emil Homepage (emil)
- Re: [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities (Ulf Härnhammar)