Family: Debian Local Security Checks --> Category: infos
[DSA449] DSA-449-1 metamail Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Ulf Härnhammar discovered two format string bugs (CVE-2004-0104) and
two buffer overflow bugs (CVE-2004-0105) in metamail, an
implementation of MIME. A possible hacker could create a carefully-crafted
mail message which will execute arbitrary code as the victim when it
is opened and parsed through metamail.
We have been devoting some effort to trying to avoid shipping metamail
in the future. It became unmaintainable and these are probably not
the last of the vulnerabilities.
For the stable distribution (woody) these problems have been fixed in
For the unstable distribution (sid) these problems will be fixed in
We recommend that you upgrade your metamail package.
Solution : http://www.debian.org/security/2004/dsa-449
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.