DSA-2082

Executive Summary

Summary
Title	New gmime2.2 packages fix arbitrary code execution

Informations
Name	DSA-2082	First vendor Publication	2010-08-02
Vendor	Debian	Last vendor Modification	2010-08-02
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that a buffer overflow in the MIME library GMime might lead to the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in version 2.2.22-2+lenny2.

For the unstable distribution (sid), this problem has been fixed in version 2.2.25-1.1.

We recommend that you upgrade your gmime2.2 packages.

Original Source

Url : http://www.debian.org/security/2010/dsa-2082

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnome Gmime cpe:/a:gnome:gmime:2.4.9 cpe:/a:gnome:gmime:2.4.8 cpe:/a:gnome:gmime:2.4.7 cpe:/a:gnome:gmime:2.4.6 cpe:/a:gnome:gmime:2.4.5 cpe:/a:gnome:gmime:2.4.4 cpe:/a:gnome:gmime:2.4.3 cpe:/a:gnome:gmime:2.4.2 cpe:/a:gnome:gmime:2.4.13 cpe:/a:gnome:gmime:2.4.12 cpe:/a:gnome:gmime:2.4.11 cpe:/a:gnome:gmime:2.4.10 cpe:/a:gnome:gmime:2.4.1 cpe:/a:gnome:gmime:2.4.0	14