FreeBSD : metamail format string bugs and buffer overflows (a20082c3-6255-11d8-80e3-0020ed76ef5a)
High Nessus Plugin ID 36766
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionUlf Harnhammar reported four bugs in metamail: two are format string bugs and two are buffer overflows. The bugs are in SaveSquirrelFile(), PrintHeader(), and ShareThisHeader().
These vulnerabilities could be triggered by a maliciously formatted email message if `metamail' or `splitmail' is used to process it, possibly resulting in arbitrary code execution with the privileges of the user reading mail.
SolutionUpdate the affected package.