Debian DSA-248-1 : hypermail - buffer overflows

high Nessus Plugin ID 15085

Synopsis

The remote Debian host is missing a security-related update.

Description

Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists.

An attacker could craft a long attachment filename that overflows two buffers when a certain option for interactive use is given, making it possible to inject arbitrary code. This code would then be executed under the user ID hypermail runs as, mostly a local user. Automatic and silent use of hypermail does not seem to be affected.

The CGI program mail, which is not installed by the Debian package, does a reverse look-up of the user's IP number and copies the resulting hostname into a fixed-size buffer. A specially crafted DNS reply could overflow this buffer, opening the program to an exploit.

Solution

Upgrade the hypermail packages.

For the stable distribution (woody) this problem has been fixed in version 2.1.3-2.0.

For the old stable distribution (potato) this problem has been fixed in version 2.0b25-1.1.

See Also

http://www.debian.org/security/2003/dsa-248

Plugin Details

Severity: High

ID: 15085

File Name: debian_DSA-248.nasl

Version: 1.23

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:hypermail, cpe:/o:debian:debian_linux:2.2, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 1/31/2003

Reference Information

CVE: CVE-2003-0057

BID: 6689, 6690

DSA: 248