Detections
Analytics

FreeBSD : elm -- remote buffer overflow in Expires header (f66e011d-13ff-11da-af41-0004614cc33d)

high Nessus Plugin ID 21539

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Ulf Harnhammar has discovered a remotely exploitable buffer overflow in Elm e-mail client when parsing the Expires header of an e-mail message :

The attacker only needs to send the victim an e-mail message. When the victim with that message in his or her inbox starts Elm or simply views the inbox in an already started copy of Elm, the buffer overflow will happen immediately. The overflow is stack-based, and it gives full control over EIP, EBP and EBX. It is caused by a bad sscanf(3) call, using a format string containing '%s' to copy from a long char array to a shorter array.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?43353d7c

http://www.nessus.org/u?ae811a4e

Plugin Details

Severity: High

ID: 21539

File Name: freebsd_pkg_f66e011d13ff11daaf410004614cc33d.nasl

Version: 1.12

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:elm, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/23/2005

Vulnerability Publication Date: 8/20/2005