Security update for tmail mail delivery agent
The local mail delivery agent tmail is vulnerable to a buffer overflow which allows logged-in users to execute code at an elevated privilege level. In certain circumstances, tmail is installed with a set SUID bit, making it run in the root context. Code which has been injected and executed via the buffer overflow will then also run at this privilege level. According to an advisory, the overflow can be triggered by entering an overlong directory name when starting tmail.
The dmail agent is said to exhibit a similar vulnerability, but is not usually started with SUID. Therefore, injected code can only be executed at the attacker's original privilege level.
The versions affected are tmail/dmail in UW IMAP, [2002-2007c], the Panda IMAP, which includes tmail/dmail, and the Alpine messaging system. The University of Washington, who originally created the agent, has made version 2007d available for download.
See also:
- UW/Panda IMAP d/t-mail buffer overflow, advisory by Bitsec
(djwm)