what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SA-1998.01.txt

SA-1998.01.txt
Posted Sep 23, 1999

SA-1998.01.txt

SHA-256 | 81ba79b9703c8e26057c7f365bce41c4576b3bca3da4af0d3b07653605c11193

SA-1998.01.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.01: Vulnerability in metamail

Original report date: 24-Oct-1997
RPM build date: 07-Jan-1998
Advisory issue date: 09-Jan-1998

Topic: Metamail allows a fake mime enclosure to overwrite a users file.

I. Problem Description

Metamail is used by a number of mail readers to provide access
to mime enclosures. A weakness in metamail (version 2.7-5 and
earlier) can allow a faked mime enclosure to write or overwrite
a users file.

II. Impact

An attacker can destroy, replace, or create a file in the
directory of a specific user via a mime enclosure. The
attacker must have the users email address and the exact
path to files owned by the user. The user must 'view' the
mime enclosure via a mail reader that uses metamail or the
attack will not work.

The only known exploit uses a mime enclosure with content
named audio-file. (Do not play a mime audio enclosure of
this type without updating.)

This vulnerability exists when metamail has been installed
in these Caldera releases:

CND 1.0
COL 1.0
COL 1.1 Standard
COL 1.1 Base
COL 1.1 Lite

The root user is not vulnerable unless the system has been
configured specifically to allow root to execute metamail.
Done by setting an environment variable or by using a '-r'
command line flag. Pine is an example of a mail reader with
this flaw. We suggest that system administrators forward
mail sent to root having mime attachments to a less privileged
user account before 'reading' the mime attachments. (Even if
you have updated.)


III. Solution

If metamail capabilities are not needed on your system you can
remove metamail. This might be preferred in some installations
as metamail is script based and may have other unknown
vulnerabilities.

rpm -e metamail

If access to mime attachments is needed you should update to
the new metamail which has been made more secure by use of the
mktemp package. Obtain these packages (check the md5sums for
verification):

bb19c854958db5811918b2f4b4ad821c metamail-2.7-7.i386.rpm
b96327b7671d2a36c5aa9116be60aab4 mktemp-1.4-1.i386.rpm

from

ftp://ftp.caldera.com/pub/OpenLinux/updates/1.1/current/RPMS/

Install the packages:

rpm -U metamail-2.7-7.i386.rpm
rpm -i mktemp-1.4-1.i386.rpm


IV. References / Credits

This security advisory is based on the posting to the Bugtraq
email list:

From: Allan Cox alan@LXORGUK.UKUU.ORG.UK
To: BUGTRAQ@NETSPACE.ORG
Date: 24 Oct 1997 22:42:11 +0100
Subject: Vulnerability in metamail
Message-ID: m0xOrUi-0005FvC@lightning.swansea.linux.org.uk

http://www.geek-girl.com/bugtraq/

This update closes Caldera internal problem report #1011.


V. PGP Signature

This message was signed with the PGP key for security@caldera.com.

This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/

$Id: SA-1998.01,v 1.2 1998/01/09 06:28:03 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNLXFc+n+9R4958LpAQGd5AQAjss2efcbiONEaAoYLuwL7feYf2b0WVW5
JhtQabgD/OYjlmLluXUDb2Mjx5QZYd2kpGdSt7WK63AF0Zi+V+M/FNF9sCLFwp5u
26xZzUN+NJP7oPyVfpYhBfRaYb7TwczrAtfo3g3b7AwyvyaOyQyLjNIB2oUPo6gZ
OxSN15QoJ9I=
=+BOm
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close