In association with heise online

04 November 2008, 13:56

Security update for tmail mail delivery agent

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The local mail delivery agent tmail is vulnerable to a buffer overflow which allows logged-in users to execute code at an elevated privilege level. In certain circumstances, tmail is installed with a set SUID bit, making it run in the root context. Code which has been injected and executed via the buffer overflow will then also run at this privilege level. According to an advisory, the overflow can be triggered by entering an overlong directory name when starting tmail.

The dmail agent is said to exhibit a similar vulnerability, but is not usually started with SUID. Therefore, injected code can only be executed at the attacker's original privilege level.

The versions affected are tmail/dmail in UW IMAP, [2002-2007c], the Panda IMAP, which includes tmail/dmail, and the Alpine messaging system. The University of Washington, who originally created the agent, has made version 2007d available for download.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-737943
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit