|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: MH also vulnerable to remote attack (was Re: nmh security update)
From: Dan Harkless (dan-bugtraq
DILVISH.SPEED.NET)Date: Thu Mar 02 2000 - 18:37:37 CST
- Next message: Joel Klecker: "Re: [XFree86 3.3.6] fix for race conditions in xterm logfile handling"
- Previous message: X-Force: "X-Force Response to ISS RealSecure's ability to address modified attack signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ruud de Rooij <ruudRUUD.ORG> writes:
> Versions prior to 1.0.3 of the nmh package contained a vulnerability
> where incoming mail messages with carefully designed MIME headers could
> cause nmh's mhshow command to execute arbitrary shell code.
>
> This bug has been fixed in nmh 1.0.3 and we encourage you to upgrade
> immediately. The fixed package is available at
>
> ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz
>
> The MD5sum of nmh-1.0.3.tar.gz is 02519bf8f7ff8590ecfbee9f9500ea07.
Please note that the MIME-handling code with the security hole dates back to
nmh's ancestor MH, so MH users (at least those using latter-day versions
with MIME capability) are also strongly encouraged to upgrade to nmh 1.0.3.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraqdilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
- Next message: Joel Klecker: "Re: [XFree86 3.3.6] fix for race conditions in xterm logfile handling"
- Previous message: X-Force: "X-Force Response to ISS RealSecure's ability to address modified attack signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]