Metamail Multiple Buffer Overflow / Format String Handling Vulnerabilities


Vulnerability ID: 1107730  Vulnerability type: Unknown
Published: 2004-02-18  Updated: 2005-10-20
CVE ID: CVE-2004-0104
CNNVD-ID: CNNVD-200403-002
Platform: Linux  CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/23728
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-002
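|Vulnerability details
Metamail is a multipurpose mail system that implements MIME. Metamail contains buffer overflow and format string handling issues that a remote attacker may be able to exploit to execute arbitrary commands on the system with the privileges of the metamail process. When processing the "multipart/alternative" media type, if a parameter name or value in the contained "Content-Type" field includes format string codes, fprintf() in the SaveSquirrelFile() function does not adequately handle the external input, which causes a format string issue and corrupts memory. The second format string issue occurs when a message contains non-ASCII character encoded data in the mail header: printf() in the PrintHeader() function does not adequately handle the external input, which causes a format string issue and corrupts memory. In addition, the handling of overlong Subject fields and of partial messages lacks adequate buffer boundary checks, which can lead to buffer overflows; carefully constructed input may execute arbitrary commands on the system with the privileges of the metamail process.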
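The two bug classes described above, shown from the fixing side as an added example that is not metamail's code and not part of the original entry: untrusted header text is only ever passed as an argument to a fixed format, and long fields are copied with an explicit bound. The function names `has_format_directive`, `render_param` and `copy_header` and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Detection aid (hypothetical helper): returns 1 if an untrusted header or
   parameter string contains a '%' conversion other than the literal "%%". */
int has_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        return 1;
    }
    return 0;
}

/* Mitigation: name and value are arguments to a fixed format string, never
   the format itself. Returns 0 on success, 1 if truncated, -1 on error. */
int render_param(char *out, size_t outsz, const char *name, const char *value) {
    if (!out || outsz == 0 || !name || !value) return -1;
    int n = snprintf(out, outsz, "%s=%s", name, value);
    if (n < 0) { out[0] = '\0'; return -1; }
    return (size_t)n >= outsz ? 1 : 0;
}

/* Bounded copy for long fields such as Subject: truncates and NUL-terminates
   instead of writing past dst. Same return convention as render_param. */
int copy_header(char *dst, size_t dstsz, const char *src) {
    if (!dst || dstsz == 0 || !src) return -1;
    int n = snprintf(dst, dstsz, "%s", src);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= dstsz ? 1 : 0;
}

int main(void) {
    /* Constructed sample inputs, not taken from any real message. */
    const char *value = "%x%x%n";
    char line[64], subject[16], longsubj[301];
    memset(longsubj, 'A', 300);
    longsubj[300] = '\0';
    int flagged = has_format_directive(value);
    int rc1 = render_param(line, sizeof line, "charset", value);
    int rc2 = copy_header(subject, sizeof subject, longsubj);
    printf("directive seen: %d\n", flagged);
    printf("render rc=%d -> %s\n", rc1, line);
    printf("copy rc=%d len=%zu\n", rc2, strlen(subject));
    return 0;
}
```

The directives in the parameter value come out as literal text, and the 300-byte Subject is cut to fit the 16-byte buffer with the truncation reported to the caller.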
|Exploit
source: http://www.securityfocus.com/bid/9692/info

Metamail has been reported prone to multiple vulnerabilities that may provide for arbitrary code execution. Two buffer overflow vulnerabilities have been reported to affect Metamail. Additionally, two format string-handling vulnerabilities have been reported. These issues may also be exploited by a remote attacker to execute arbitrary code. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23728-1.splitmail

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23728-2.tgz

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23728-3

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23728-4

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23728-5
|References

Source: US-CERT Vulnerability Note: VU#518518
Name: VU#518518
Link: http://www.kb.cert.org/vuls/id/518518
Source: BID
Name: 9692
Link: http://www.securityfocus.com/bid/9692
Source: REDHAT
Name: RHSA-2004:073
Link: http://www.redhat.com/support/errata/RHSA-2004-073.html
Source: XF
Name: metamail-printheader-format-string(15259)
Link: http://xforce.iss.net/xforce/xfdb/15259
Source: XF
Name: metamail-contenttype-format-string(15245)
Link: http://xforce.iss.net/xforce/xfdb/15245
Source: DEBIAN
Name: DSA-449
Link: http://www.debian.org/security/2004/dsa-449
Source: SECUNIA
Name: 10908
Link: http://secunia.com/advisories/10908
Source: VULNWATCH
Name: 20040218 metamail format string bugs and buffer overflows
Link: http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
Source: SLACKWARE
Name: SSA:2004-049
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Source: MANDRAKE
Name: MDKSA-2004:014
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:014
Source: CIAC
Name: O-083
Link: http://www.ciac.org/ciac/bulletins/o-083.shtml
Source: BUGTRAQ
Name: 20
