Executive Summary
| Summary | |
|---|---|
| Title | New metamail packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-449 | First vendor Publication | 2004-02-24 |
| Vendor | Debian | Last vendor Modification | 2004-02-24 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Ulf Härnhammar discovered two format string bugs (CAN-2004-0104) and two buffer overflow bugs (CAN-2004-0105) in metamail, an implementation of MIME. An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail. We have been devoting some effort to trying to avoid shipping metamail in the future. It became unmaintainable and these are probably not the last of the vulnerabilities. For the stable distribution (woody) these problems have been fixed in version 2.7-45woody.2. For the unstable distribution (sid) these problems will be fixed in version 2.7-45.2. We recommend that you upgrade your metamail package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-449 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 2 | |
| Os | 3 | |
| Os | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-17 (metamail) File : nvt/glsa_200405_17.nasl |
| 2008-09-04 | Name : FreeBSD Ports: metamail File : nvt/freebsd_metamail.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 449-1 (metamail) File : nvt/deb_449_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-049-02 metamail security update File : nvt/esoft_slk_ssa_2004_049_02.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 4331 | Metamail Long Character/Non-ASCII Message Parsing System Overflow The Metamail fails when parsing the mail headers resulting in a buffer overflow. With a specially crafted mail message containing a header with encoded non-ASCII characters and a long character set name , an attacker can overflow a buffer and execute code on system with privileges of the user, once the message is opened resulting in a loss of confidentiality and/or integrity. |
| 3988 | Metamail Message Parsing System Format String Compromise A remote overflow exists in Metamail. Metamail fails to correctly handle messages containing certain encoded characters in mail headers or containing a "multipart/alternative" media type and format specifiers in the "Content-Type" header resulting in a format string overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code on a user's system. resulting in a loss of confidentiality, integrity, and/or availability. |
| 3987 | Metamail Long Subject Header Message Parsing System Overflow The Metamail fails to check buffer overflow in the ShareThisHeader function in the splitmail.c file. With a specially crafted mail message, containing a long Subject header an attacker can cause buffer overflow and execute arbitrary code on system with privileges of the user, once the message is opened, resulting in a loss of confidentiality and/or integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Metamail header length exploit attempt RuleID : 22115 - Revision : 6 - Type : SERVER-MAIL |
| 2014-01-10 | Metamail header length exploit attempt RuleID : 22114 - Revision : 6 - Type : SERVER-MAIL |
| 2014-01-10 | Metamail header length exploit attempt RuleID : 22113 - Revision : 6 - Type : SERVER-MAIL |
| 2014-01-10 | Metamail format string exploit attempt RuleID : 22112 - Revision : 5 - Type : SERVER-MAIL |
| 2014-01-10 | Metamail format string exploit attempt RuleID : 22111 - Revision : 5 - Type : SERVER-MAIL |
| 2014-01-10 | Metamail format string exploit attempt RuleID : 22110 - Revision : 4 - Type : SERVER-MAIL |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a20082c3625511d880e30020ed76ef5a.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-049-02.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-449.nasl - Type : ACT_GATHER_INFO |
| 2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200405-17.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-014.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-073.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:07 |
|
