hypermail - buffer overflows
Package(s): hypermail
CVE #(s): CAN-2003-0057
Created: February 11, 2003
Updated: February 27, 2003
Description: Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists.

An attacker could craft a long filename for an attachment that would overflow two buffers when a certain option for interactive use was given, opening the possibility to inject arbitrary code. This code would then be executed under the user id hypermail runs as, mostly as a local user. Automatic and silent use of hypermail does not seem to be affected.

The CGI program mail, which is not installed by the Debian package, does a reverse look-up of the user's IP number and copies the resulting hostname into a fixed-size buffer. A specially crafted DNS reply could overflow this buffer, opening the program to an exploit.
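The second problem, seen from the defensive side, as an added example (not hypermail's code and not part of the original advisory): a bounded copy of a resolver-supplied hostname that rejects over-long or malformed names instead of writing past the buffer. The buffer size, the function names, the character check and the fallback to the numeric address are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF_LEN 64 /* assumed size, for illustration only */

/* Copy a hostname taken from a reverse DNS reply into dst (dstlen bytes).
 * The name is attacker-influenced, so it is rejected, not truncated, when
 * it is empty, does not fit, or has bytes outside [A-Za-z0-9.-].
 * Returns 0 on success, -1 on rejection (dst is then an empty string). */
int copy_hostname(char *dst, size_t dstlen, const char *src)
{
    size_t n = 0, i;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Bounded length scan: never look further than the buffer can hold. */
    while (n < dstlen && src[n] != '\0')
        n++;
    if (n == 0 || n >= dstlen)
        return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Use the resolved name if it passed the checks, else the numeric address
 * the server already knows (hypothetical caller-side policy). */
const char *client_label(char *buf, size_t buflen,
                         const char *resolved, const char *numeric)
{
    return copy_hostname(buf, buflen, resolved) == 0 ? buf : numeric;
}

int main(void)
{
    char buf[HOST_BUF_LEN];
    /* Constructed sample inputs (documentation address range). */
    printf("%s\n", client_label(buf, sizeof buf, "mail.example.org", "192.0.2.7"));
    printf("%s\n", client_label(buf, sizeof buf, "bad name<>", "192.0.2.7"));
    return 0;
}
```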