<?xml version="1.0" encoding="utf-8"?>
<glsa id="200405-17">
<title>Multiple vulnerabilities in metamail</title>
Several format string bugs and buffer overflows were discovered in
metamail, potentially allowing execution of arbitrary code remotely.
<product type="ebuild">metamail</product>
<announced>May 21, 2004</announced>
<revised>May 21, 2004: 01</revised>
<access>remote</access>
<package name="net-mail/metamail" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
Metamail is a program that decodes MIME encoded mail. It is therefore often
automatically called when an email is received or read.
Ulf Harnhammar found two format string bugs and two buffer overflow bugs in
<impact type="high">
A remote attacker could send a malicious email message and execute
arbitrary code with the rights of the process calling the Metamail program.
There is no known workaround at this time.
All users of Metamail should upgrade to the latest stable version:
<code>
# emerge sync
# emerge -pv ">=net-mail/metamail-"
# emerge ">=net-mail/metamail-"</code>
<uri link="">CAN-2004-0104</uri>
<uri link="">CAN-2004-0105</uri>
<metadata tag="submitter">