CVE-2006-0709
CVSS 7.5
Published: 2006-02-15 06:06:00
Last revised: 2011-03-07 21:30:38

[Original] Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.


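[CNNVD] Metamail buffer overflow vulnerability (CNNVD-200602-226)

        A buffer overflow vulnerability exists in Metamail 2.7-50. Remote attackers can use e-mail messages with a long boundary attribute to cause a denial of service (application crash) and possibly execute arbitrary code.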

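- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]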

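- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0709
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0709
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200602-226
(official data source) CNNVD

- Other links and resources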

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:047
(VENDOR_ADVISORY)  MANDRIVA  MDKSA-2006:047
http://www.securityfocus.com/bid/16611
(PATCH)  BID  16611
http://www.redhat.com/support/errata/RHSA-2006-0217.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0217
http://secunia.com/advisories/19000
(VENDOR_ADVISORY)  SECUNIA  19000
http://secunia.com/advisories/18987
(VENDOR_ADVISORY)  SECUNIA  18987
http://www.vupen.com/english/advisories/2006/0565
(UNKNOWN)  VUPEN  ADV-2006-0565
http://securitytracker.com/id?1015654
(UNKNOWN)  SECTRACK  1015654
http://secunia.com/advisories/18796
(VENDOR_ADVISORY)  SECUNIA  18796
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482
(UNKNOWN)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482
http://xforce.iss.net/xforce/xfdb/24702
(UNKNOWN)  XF  metamail-boundary-bo(24702)
http://www.novell.com/linux/security/advisories/2006_05_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:005
http://www.gentoo.org/security/en/glsa/glsa-200603-16.xml
(UNKNOWN)  GENTOO  GLSA-200603-16
http://www.debian.org/security/2006/dsa-995
(UNKNOWN)  DEBIAN  DSA-995
http://secunia.com/advisories/19304
(UNKNOWN)  SECUNIA  19304
http://secunia.com/advisories/19226
(UNKNOWN)  SECUNIA  19226
http://secunia.com/advisories/19130
(UNKNOWN)  SECUNIA  19130

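- Vulnerability information

Metamail buffer overflow vulnerability
High risk  Buffer overflow
2006-02-15 00:00:00 2006-03-06 00:00:00
Remote
        A buffer overflow vulnerability exists in Metamail 2.7-50. Remote attackers can use e-mail messages with a long boundary attribute to cause a denial of service (application crash) and possibly execute arbitrary code.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links: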
        Metamail Metamail 2.7
        Debian metamail_2.7-45woody.4_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_alpha.deb
        Debian metamail_2.7-45woody.4_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_arm.deb
        Debian metamail_2.7-45woody.4_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_hppa.deb
        Debian metamail_2.7-45woody.4_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_i386.deb
        Debian metamail_2.7-45woody.4_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_ia64.deb
        Debian metamail_2.7-45woody.4_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_m68k.deb
        Debian metamail_2.7-45woody.4_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_mips.deb
        Debian metamail_2.7-45woody.4_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_mipsel.deb
        Debian metamail_2.7-45woody.4_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_powerpc.deb
        Debian metamail_2.7-45woody.4_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_s390.deb
        Debian metamail_2.7-45woody.4_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_sparc.deb
        Debian metamail_2.7-47sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_alpha.deb
        Debian metamail_2.7-47sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_amd64.deb
        Debian metamail_2.7-47sarge1_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_arm.deb
        Debian metamail_2.7-47sarge1_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_hppa.deb
        Debian metamail_2.7-47sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_i386.deb
        Debian metamail_2.7-47sarge1_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_ia64.deb
        Debian metamail_2.7-47sarge1_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_m68k.deb
        Debian metamail_2.7-47sarge1_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_mips.deb
        Debian metamail_2.7-47sarge1_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_mipsel.deb
        Debian metamail_2.7-47sarge1_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_powerpc.deb
        Debian metamail_2.7-47sarge1_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_s390.deb
        Debian metamail_2.7-47sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_sparc.deb
        

- Vulnerability information (F44164)

Mandriva Linux Security Advisory 2006.047 (PacketStormID:F44164)
2006-02-26 00:00:00
Mandriva  mandriva.com
advisory,overflow,arbitrary
linux,mandriva
CVE-2006-0709

Mandriva Linux Security Advisory - Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:047
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : metamail
 Date    : February 22, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Ulf Harnhammar discovered a buffer overflow vulnerability in the way
 that metamail handles certain mail messages.  An attacker could create
 a carefully-crafted message that, when parsed via metamail, could
 execute arbitrary code with the privileges of the user running
 metamail.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0709
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 ba0268bd4a41df13182c7ad54326dba5  10.1/RPMS/metamail-2.7-11.1.101mdk.i586.rpm
 37738308d3dff71b6eb473c207acc588  10.1/SRPMS/metamail-2.7-11.1.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 31b1df74ae413c00e037675fb772bc86  x86_64/10.1/RPMS/metamail-2.7-11.1.101mdk.x86_64.rpm
 37738308d3dff71b6eb473c207acc588  x86_64/10.1/SRPMS/metamail-2.7-11.1.101mdk.src.rpm

 Mandriva Linux 10.2:
 6dae955385087b6bffdebca801ac2de9  10.2/RPMS/metamail-2.7-11.1.102mdk.i586.rpm
 d4f56b18f644e54f5aaadf59247b6ba9  10.2/SRPMS/metamail-2.7-11.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 b8904fd8e2d4c4b16329eb3be040ae82  x86_64/10.2/RPMS/metamail-2.7-11.1.102mdk.x86_64.rpm
 d4f56b18f644e54f5aaadf59247b6ba9  x86_64/10.2/SRPMS/metamail-2.7-11.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 983ad9efe0f7270920f719209e29ef8d  2006.0/RPMS/metamail-2.7-11.2.20060mdk.i586.rpm
 f2d440c17063c3440342afd83a939dfe  2006.0/SRPMS/metamail-2.7-11.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 3b2eb2370dd3a37a0f6e7b8e6e97d65f  x86_64/2006.0/RPMS/metamail-2.7-11.2.20060mdk.x86_64.rpm
 f2d440c17063c3440342afd83a939dfe  x86_64/2006.0/SRPMS/metamail-2.7-11.2.20060mdk.src.rpm

 Corporate 3.0:
 193e9f3fe5013735ae70e1f0d123375c  corporate/3.0/RPMS/metamail-2.7-11.1.C30mdk.i586.rpm
 33711284aa358a2d82db961a27231e6e  corporate/3.0/SRPMS/metamail-2.7-11.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6b44f1e909779950783bbab4988e391a  x86_64/corporate/3.0/RPMS/metamail-2.7-11.1.C30mdk.x86_64.rpm
 33711284aa358a2d82db961a27231e6e  x86_64/corporate/3.0/SRPMS/metamail-2.7-11.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD/PkqmqjQ0CJFipgRAhYMAKC3O/7nyT1s6J6EB/VNpcIbTIvHnQCghr6y
u2xiwltT4FfeKnIyVhGA3jc=
=Nnp1
-----END PGP SIGNATURE-----

    

- Vulnerability information

23159
Metamail Mail Message Boundary Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-02-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Metamail Message Processing Remote Buffer Overflow Vulnerability
Boundary Condition Error 16611
Yes No
2006-02-12 12:00:00 2007-01-02 04:36:00
Discovered by Ulf Harnhammar <metaur@operamail.com>.

- Affected program versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Metamail Metamail 2.7
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ FreeBSD FreeBSD 2.2.2
+ RedHat Linux 4.2
+ SCO Open UNIX 8.0
+ SCO Unixware 7.1.3
+ SCO Unixware 7.1.2
+ SCO Unixware 7.1.1
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.0
+ Slackware Linux -current
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

- Vulnerability discussion

Metamail is prone to a remote buffer-overflow vulnerability.

This issue arises when the application handles messages with large string values for boundaries.

This can cause memory corruption and trigger a crash in the application. This issue may also lead to arbitrary code execution, but this is unconfirmed.

Metamail 2.7 is reportedly vulnerable, but other versions may be affected as well.

- Exploit


A proof of concept is available from the following location:

http://bugs.debian.org/cgi-bin/bugreport.cgi/metamail.txt?bug=352482;msg=5;att=1

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution


A patch by Ulf Harnhammar <metaur@operamail.com> is available at the following location:

http://bugs.debian.org/cgi-bin/bugreport.cgi/metamail.boundarycrash.patch?bug=352482;msg=5;att=2

Symantec has not verified this patch.

Please see the referenced vendor advisories for more information and fixes.


Metamail Metamail 2.7

- Related references
