LWN.net

elm: vulnerability in frm command

Package(s): elm
CVE #(s): CAN-2003-0966
Created: February 13, 2004
Updated: February 18, 2004
Description: Elm is a terminal mode email user agent. The frm command is provided as part of the Elm packages and gives a summary list of the sender and subject of selected messages in a mailbox or folder.

A buffer overflow vulnerability was found in the frm command. An attacker could create a message with an overly long Subject line such that arbitrary code is executed when a victim runs the frm command. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0966 to this issue.

Alerts:
Whitebox WBSA-2004:009-01 2004-02-12
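
The class of bug described above, as an added C example that is not elm's source: the sender chooses the length of a Subject header, so a summary tool has to clamp the value to its own buffer. The buffer size SUBJ_MAX and the helper copy_subject are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define SUBJ_MAX 64   /* assumed display width; not taken from elm */

/* Unsafe pattern behind this class of bug (shown only as a comment):
 *     char subject[SUBJ_MAX];
 *     strcpy(subject, line + 9);    // length is chosen by the sender
 */

/* Hypothetical helper: if `line` is a "Subject:" header, copy its value into
 * out[outsz], truncating to fit. Returns 1 if copied whole, 2 if truncated,
 * 0 if the line is not a Subject header or the arguments are unusable. */
int copy_subject(const char *line, char *out, size_t outsz)
{
    static const char name[] = "Subject:";
    size_t n;

    if (line == NULL || out == NULL || outsz == 0)
        return 0;
    if (strncasecmp(line, name, sizeof name - 1) != 0)
        return 0;
    line += sizeof name - 1;
    while (*line == ' ' || *line == '\t')      /* skip leading whitespace */
        line++;
    n = strcspn(line, "\r\n");                 /* value ends at end of line */
    if (n >= outsz) {                          /* would not fit: clamp */
        memcpy(out, line, outsz - 1);
        out[outsz - 1] = '\0';
        return 2;
    }
    memcpy(out, line, n);
    out[n] = '\0';
    return 1;
}

int main(void)
{
    char hostile[5000], subject[SUBJ_MAX];     /* constructed sample input */
    int rc;

    memset(hostile, 'A', sizeof hostile - 1);
    hostile[sizeof hostile - 1] = '\0';
    memcpy(hostile, "Subject: ", 9);
    rc = copy_subject(hostile, subject, sizeof subject);
    printf("rc=%d len=%zu\n", rc, strlen(subject));
    return 0;
}
```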


elm: vulnerability in frm command

Posted Feb 19, 2004 3:51 UTC (Thu) by rfunk (subscriber, #4054) [Link]

Sigh. "filter" was removed from the barely-maintained elm distribution
years ago due to a similar hole.
