Summary: net-mail/metamail: buffer overflow (CVE-2006-0709)
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Stefan Cornelius (RETIRED) <dercorny>
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
Priority: High
CC: jer, net-mail+disabled
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0709
Whiteboard: B1 [glsa] DerCorny
Runtime testing required: ---

Description
Stefan Cornelius (RETIRED)
2006-03-13 09:43:50 UTC
net-mail please provide updated ebuilds, thanks. Remote attacker can trigger by sending an email -> B1.

Created attachment 82118
sample email from Debian bug.

metamail-2.7.45.3-r1.ebuild committed.

attached is the sample email taken from Debian bug. metamail crashes with
$ /usr/bin/metamail < metamail.txt
From: <metaur@localhost>
To: <metaur@localhost>
Subject: metamail crash bug
*** glibc detected *** free(): invalid next size (normal): 0x0805fc30 ***
Aborted
Security, please do your dance. Enjoy.

Archs please test and mark stable.

We came, we tested, we alpha'd. Cheers, Ferdy

stable on ppc64

amd64 stable.

x86 stable. btw, halcy0n has really pretty blue eyes. :))

hppa done by killerfox

SPARC'd

ppc stable

ready for glsa

GLSA 200603-16 Thanks everybody.