 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51084 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2004:073 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2004:073. Metamail is a system for handling multimedia mail. Ulf Harnhammar discovered two integer overflow bugs and two buffer overflow bugs in versions of Metamail up to and including 2.7. An attacker could create a carefully-crafted message such that when it is opened by a victim and parsed through Metamail, it runs arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0104 and CVE-2004-0105 to these issues. Users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these erratum packages, which contain a backported security patch and are not vulnerable to these issues. Please note that Red Hat Enterprise Linux 3 does not contain Metamail and is therefore not vulnerable to these issues. Red Hat would like to thank Ulf Harnhammar for the notification and patch for these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-073.html Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0104 BugTraq ID: 9692 http://www.securityfocus.com/bid/9692 Bugtraq: 20040218 metamail format string bugs and buffer overflows (Google Search) http://marc.info/?l=bugtraq&m=107713476911429&w=2 CERT/CC vulnerability note: VU#518518 http://www.kb.cert.org/vuls/id/518518 Computer Incident Advisory Center Bulletin: O-083 http://www.ciac.org/ciac/bulletins/o-083.shtml Debian Security Information: DSA-449 (Google Search) http://www.debian.org/security/2004/dsa-449 http://www.mandriva.com/security/advisories?name=MDKSA-2004:014 http://www.redhat.com/support/errata/RHSA-2004-073.html http://secunia.com/advisories/10908 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html XForce ISS Database: metamail-contenttype-format-string(15245) https://exchange.xforce.ibmcloud.com/vulnerabilities/15245 XForce ISS Database: metamail-printheader-format-string(15259) https://exchange.xforce.ibmcloud.com/vulnerabilities/15259 Common Vulnerability Exposure (CVE) ID: CVE-2004-0105 CERT/CC vulnerability note: VU#513062 http://www.kb.cert.org/vuls/id/513062 XForce ISS Database: metamail-printheader-nonascii-bo(15247) https://exchange.xforce.ibmcloud.com/vulnerabilities/15247 XForce ISS Database: metamail-splitmail-subject-bo(15258) https://exchange.xforce.ibmcloud.com/vulnerabilities/15258 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |