Bugtraq: Re: [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities

From: Ulf Härnhammar <Ulf.Harnhammar.9485_at_student.uu.se>
Date: Thu, 25 Mar 2004 21:31:50 +0100

"Emil v2 is a filter for converting Internet Messages. It supports
three basic formats: MIME, SUN Mailtool and plain old style RFC822."
It is an old program from SUNET (Swedish University NETwork).

Emil is one of the packages in SUSE Linux and Debian GNU/Linux. It
is also one of the ports in the FreeBSD Ports Collection.

The usual setup is that sendmail or procmail pipe messages from
the network to Emil.

At least versions 2.0.4, 2.0.5 and 2.1.0-beta9 are vulnerable to
several stack-based buffer overflows while parsing and otherwise
handling the filenames of attached files, while 2.1.0-beta9 also is
vulnerable to some rather obscure format string bugs while printing
error messages.

I have attached the archive emil.advisory-data.tar.gz, with a
security patch against 2.1.0-beta9 and three test messages.

testmail1 and run1.sh give an example of a buffer overflow that
occurs when converting files with long filenames from MIME to
uuencode.

testmail2 and run2.sh show a buffer overflow that occurs when
parsing uuencoded files with long filenames.

testmail3 and run3.sh show a buffer overflow that occurs when
converting SUN Mailtool files with long filenames to MIME.

-- 
Ulf Harnhammar
http://www.advogato.org/person/metaur/

Received on Mar 25 2004
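
An added illustration, not part of the original message and not emil's code: the class of bug described for testmail2 (a long filename in a uuencoded part overflowing a fixed stack buffer) is avoided by checking the filename length before any copy. The buffer size `NAME_BUF`, the function names and the sample headers are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 64  /* assumed size of the fixed filename buffer */

/* Parse "begin <octal mode> <filename>".
 * Returns 0 on success, -1 if malformed, -2 if the filename does not fit.
 * The unsafe pattern this replaces is an unbounded copy such as
 * sscanf(line, "begin %o %s", &mode, name) or strcpy(name, p). */
int parse_uu_begin(const char *line, unsigned *mode, char *name, size_t name_sz)
{
    char *end;
    if (strncmp(line, "begin ", 6) != 0 || line[6] < '0' || line[6] > '7')
        return -1;
    unsigned long m = strtoul(line + 6, &end, 8);
    if (*end != ' ' || m > 07777)
        return -1;
    const char *p = end + 1;
    size_t len = strcspn(p, "\r\n");   /* filename runs to end of line */
    if (len == 0)
        return -1;
    if (len >= name_sz)                /* length check BEFORE any copy */
        return -2;
    memcpy(name, p, len);
    name[len] = '\0';
    *mode = (unsigned)m;
    return 0;
}

/* Build a constructed header with an n-byte filename and parse it. */
int try_name_len(size_t n)
{
    char line[1024], name[NAME_BUF];
    unsigned mode;
    if (n + 16 > sizeof line)
        return -1;
    memcpy(line, "begin 644 ", 10);
    memset(line + 10, 'A', n);
    memcpy(line + 10 + n, "\n", 2);    /* newline plus terminating NUL */
    return parse_uu_begin(line, &mode, name, sizeof name);
}

int main(void)
{
    printf("10-byte name:  %d\n", try_name_len(10));
    printf("300-byte name: %d\n", try_name_len(300));
    return 0;
}
```

Rejecting the oversized name, rather than silently truncating it, keeps the converter from writing output under a filename the sender did not actually supply.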