Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 126052
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Stefan Cornelius (RETIRED) <dercorny@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
metamail.txt sample email from Debian bug. text/plain Tuan Van (RETIRED) 2006-03-14 10:50 0000 8.98 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 126052 depends on: Show dependency tree
Bug 126052 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-03-13 09:43 0000 
Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via e-mail
messages with a long boundary attribute, a different vulnerability than
CVE-2004-0105.

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-03-13 09:44:58 0000 ------- 
net-mail please provide updated ebuilds, thanks.

------- Comment #2 From Thierry Carrez (RETIRED) 2006-03-13 10:34:53 0000 ------- 
Remote attacker can trigger by sending an email -> B1.

------- Comment #3 From Tuan Van (RETIRED) 2006-03-14 10:50:36 0000 ------- 
Created an attachment (id=82118) [details]
sample email from Debian bug.

metamail-2.7.45.3-r1.ebuild committed.
attached is the sample email taken from Debian bug. metamail crash with

$ /usr/bin/metamail < metamail.txt
From: <metaur@localhost>
To: <metaur@localhost>
Subject: metamail crash bug

*** glibc detected *** free(): invalid next size (normal): 0x0805fc30 ***
Aborted

Security, please do your dance. Enjoy.

------- Comment #4 From Thierry Carrez (RETIRED) 2006-03-14 13:16:04 0000 ------- 
Archs please test and mark stable.

------- Comment #5 From Fernando J. Pereda (RETIRED) 2006-03-14 13:31:49 0000 ------- 
We came, we tested, we alpha'd.

Cheers,
Ferdy

------- Comment #6 From Markus Rothe 2006-03-15 08:37:03 0000 ------- 
stable on ppc64

------- Comment #7 From Chris White (RETIRED) 2006-03-15 12:35:16 0000 ------- 
amd64 stable.

------- Comment #8 From Andrej Kacian (RETIRED) 2006-03-15 13:25:45 0000 ------- 
x86 stable. btw, halcy0n has really pretty blue eyes. :))

------- Comment #9 From Jeroen Roovers 2006-03-15 17:05:54 0000 ------- 
hppa done by killerfox

------- Comment #10 From Jason Wever (RETIRED) 2006-03-15 18:21:49 0000 ------- 
SPARC'd

------- Comment #11 From Tobias Scherbaum 2006-03-16 11:10:53 0000 ------- 
ppc stable

------- Comment #12 From Stefan Cornelius (RETIRED) 2006-03-17 01:50:05 0000 ------- 
ready for glsa

------- Comment #13 From Stefan Cornelius (RETIRED) 2006-03-17 10:41:54 0000 ------- 
GLSA 200603-16

Thanks everybody.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug