Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2004-073: metamail Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the metamail packages

Detailed Explanation for this Vulnerability Test

Updated metamail packages that fix a number of vulnerabilities are now

Metamail is a system for handling multimedia mail.

Ulf Harnhammar discovered two format string bugs and two buffer overflow
bugs in versions of Metamail up to and including 2.7. A possible hacker could
create a carefully-crafted message such that when it is opened by a victim
and parsed through Metamail, it runs arbitrary code as the victim. The
Common Vulnerabilities and Exposures project ( has assigned
the names CVE-2004-0104 (format strings) and CVE-2004-0105 (buffer
overflows) to these issues.

Users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these
erratum packages, which contain a backported security patch and are not
vulnerable to these issues. Please note that Red Hat Enterprise Linux 3
does not contain Metamail and is therefore not vulnerable to these issues.

Red Hat would like to thank Ulf Harnhammar for the notification and patch
for these issues.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.