Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Apps A-M :: lnx5597.htm

mpack buffer overflow
5th Aug 2002 [SBWID-5597]

	mpack buffer overflow


	All systems using mpack (some news/mail readers ...)


	In Debian Security Advisory [DSA 141-1] :

	Eckehard Berns discovered a  buffer  overflow  in  the  munpack  program
	which  is  used  for  decoding  (respectively)  binary  files  in   MIME
	(Multipurpose  Internet  Mail  Extensions)  format  mail  messages.   If
	munpack is run on an appropriately malformed  email  (or  news  article)
	then it will crash, and perhaps can be made to run arbitrary code.

	Herbert Xu reported a  second  vulnerability  which  affected  malformed
	filenames that refer to files in  upper  directories  like  "../a".  The
	security impact is limited, though, because only a single leading  "../"
	was accepted and only new files can be created (i.e. no  files  will  be





	Debian source archives :

	Size/MD5 checksum:      527 96670945b237c260638c859e38e8aaaa

	Size/MD5 checksum:     3200 60abfda1db9175fdee0efe10d8bebf9b      Size/MD5 checksum:   154859 c1914b27d02f830c3872973c342d5d9e



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH