Hypermail long mail attachment buffer overflow

hypermail-mail-attachment-bo (11157) The risk level is classified as HighHigh Risk

Description:

Hypermail is vulnerable to a buffer overflow, caused by improper bounds checking of attachment file names. By sending a malicious email with an attachment file name of more than 252 characters, a remote attacker could overflow a buffer and execute arbitrary code on the system.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Hypermail (2.1.6 or later), available from the SourceForge.net Web site. See References.

For Debian/GNU Linux:
Upgrade to the latest hypermail package, as listed below. Refer to DSA-248-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 2.0b25-1.1 or later
Debian GNU/Linux 3.0 (woody): 2.1.3-2.0 or later

As a workaround, set the progress option to something other than 2.

References:

  • SourceForge.net: SourceForge.net: Project Info - hypermail - convert mbox to HTML.
  • VulnWatch Mailing List, Sun Jan 26 2003 - 20:02:39 CST : Hypermail buffer overflows .
  • BID-6689: Hypermail Message Attachment Buffer Overflow Vulnerability
  • BID-669: Microsoft hhopen OLE Control Buffer Overflow Vulnerability
  • BID-6690: Hypermail CGI Mail Reverse DNS Lookup Buffer Overflow Vulnerability
  • CVE-2003-0057: Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
  • DSA-248: hypermail -- buffer overflows
  • SA8030: Debian updates to hypermail
  • SUSE-SA:2003:0012: hypermail: remote system compromise

Platforms Affected:

  • Debian Debian Linux 2.2
  • Debian Debian Linux 3.0
  • Hypermail Hypermail 2.1.3
  • Hypermail Hypermail 2.1.4
  • Hypermail Hypermail 2.1.5
  • SUSE SuSE Linux 7.1
  • SUSE SuSE Linux 7.2
  • SUSE SuSE Linux 7.3
  • SUSE SuSE Linux 8.0
  • SUSE SuSE Linux 8.1

Reported:

Jan 26, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page