[原文]Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) via a long -f (filterfile) command line argument.
A remote overflow exists in elm. The save_embedded_address() function fails to perform proper bounds checking resulting in a buffer overflow. By sending a message containing a "From" or "Reply-To" field with 512 bytes or more, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Upgrade to version 2.5.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.