Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: lnx5597.htm

mpack buffer overflow



5th Aug 2002 [SBWID-5597]
COMMAND

	mpack buffer overflow

SYSTEMS AFFECTED

	All systems using mpack (some news/mail readers ...)

PROBLEM

	In Debian Security Advisory [DSA 141-1] :
	

	Eckehard Berns discovered a  buffer  overflow  in  the  munpack  program
	which  is  used  for  decoding  (respectively)  binary  files  in   MIME
	(Multipurpose  Internet  Mail  Extensions)  format  mail  messages.   If
	munpack is run on an appropriately malformed  email  (or  news  article)
	then it will crash, and perhaps can be made to run arbitrary code.
	

	Herbert Xu reported a  second  vulnerability  which  affected  malformed
	filenames that refer to files in  upper  directories  like  "../a".  The
	security impact is limited, though, because only a single leading  "../"
	was accepted and only new files can be created (i.e. no  files  will  be
	overwritten).

SOLUTION

	 Patch

	 =====

	

	Debian source archives :
	

	http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2.dsc

	Size/MD5 checksum:      527 96670945b237c260638c859e38e8aaaa

	    http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2.diff.gz

	Size/MD5 checksum:     3200 60abfda1db9175fdee0efe10d8bebf9b

	

	http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5.orig.tar.gz      Size/MD5 checksum:   154859 c1914b27d02f830c3872973c342d5d9e

	

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH