Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-073: metamail Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the metamail packages
Detailed Explanation for this Vulnerability Test
Updated metamail packages that fix a number of vulnerabilities are now
Metamail is a system for handling multimedia mail.
Ulf Harnhammar discovered two format string bugs and two buffer overflow
bugs in versions of Metamail up to and including 2.7. A possible hacker could
create a carefully-crafted message such that when it is opened by a victim
and parsed through Metamail, it runs arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CVE-2004-0104 (format strings) and CVE-2004-0105 (buffer
overflows) to these issues.
Users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these
erratum packages, which contain a backported security patch and are not
vulnerable to these issues. Please note that Red Hat Enterprise Linux 3
does not contain Metamail and is therefore not vulnerable to these issues.
Red Hat would like to thank Ulf Harnhammar for the notification and patch
for these issues.
Solution : http://rhn.redhat.com/errata/RHSA-2004-073.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.