How to Buy
This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated metamail packages that fix a number of vulnerabilities are now
Metamail is a system for handling multimedia mail.
Ulf Harnhammar discovered two format string bugs and two buffer
overflow bugs in versions of Metamail up to and including 2.7. An
attacker could create a carefully-crafted message such that when it is
opened by a victim and parsed through Metamail, it runs arbitrary code
as the victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2004-0104 (format strings)
and CVE-2004-0105 (buffer overflows) to these issues.
Users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these
erratum packages, which contain a backported security patch and are
not vulnerable to these issues. Please note that Red Hat Enterprise
Linux 3 does not contain Metamail and is therefore not vulnerable to
Red Hat would like to thank Ulf Harnhammar for the notification and
patch for these issues.
See also :
Update the affected metamail package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12471 ()
CVE ID: CVE-2004-0104CVE-2004-0105
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.