The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


FreeBSD Security Advisory: FreeBSD-SA-00:07.mh


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 15 Mar 2000 09:33:08 -0800
From: FreeBSD Security Officer <security-officer@freebsd.org.>
To: [email protected]
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:07.mh

-----BEGIN PGP SIGNED MESSAGE-----


FreeBSD-SA-00:07 Security Advisory FreeBSD, Inc. Topic: mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports allow remote execution of binary code Category: ports Module: mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 Announced: 2000-03-15 Affects: Ports collection before the correction date. Corrected: [See below for a more complete description] All versions fixed in 4.0-RELEASE. mh: 2000-03-04 nmh: 2000-02-29 ja-mh: 2000-03-11 exmh: 2000-03-05 exmh2: 2000-03-05 ja-exmh2: 2000-03-11 FreeBSD only: NO I. Background MH and its successor NMH are popular Mail User Agents. EXMH and EXMH2 are TCL/TK-based front-ends to the MH system. There are also Japanese-language versions of the MH and EXMH2 ports. II. Problem Description The mhshow command used for viewing MIME attachments contains a buffer overflow which can be exploited by a specially-crafted email attachment, which will allow the execution of arbitrary code as the local user when the attachment is opened. The *MH ports are not installed by default, nor are they "part of FreeBSD" as such: they are part of the FreeBSD ports collection, which contains over 3100 third-party applications in a ready-to-install format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to this problem. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact An attacker who can convince a user to open a hostile MIME attachment sent as part of an email message can execute arbitrary binary code running with the privileges of that user. If you have not chosen to install any of the mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports/packages, then your system is not vulnerable. IV. Workaround 1) Remove the mhshow binary, located in /usr/local/bin/mhshow. This will prevent the viewing of MIME attachments from within *mh. 2) Remove the mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports, if you you have installed them. V. Solution The English language version of the MH software is no longer actively developed, and no fix is currently available. It is unknown whether a fix to the problem will be forthcoming - consider upgrading to use NMH instead, which is the designated successor of the MH software. EXMH and EXMH2 can both be compiled to use NMH instead (this is now the default behaviour). It is not necessary to recompile EXMH/EXMH2 after reinstalling NMH. The Japanese-language version of MH is being actively developed and has been patched to fix the problem. SOLUTION: Remove any old versions of the mail/mh, mail/nmh or japanese/mh ports and perform one of the following: 1) Upgrade your entire ports collection and rebuild the mail/nmh port, or the japanese/mh port. 2) Reinstall a new package obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/ja-mh-6.8.4.3.03 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/ja-mh-6.8.4.3.03 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/ja-mh-6.8.4.3.03 3) download a new port skeleton for the nmh/ja-mh port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBOM/I9lUuHi5z0oilAQFCRgP/ZQNoWGqJN7M9M8cp4TD0F+8h1eUsROPs nIQ0n1nG+Ii68M4b8ZZYNOgGZQU8RrUGqoq4uKd8qPj0ORX0B1t0yaMvNU8W/ci+ f8nyqHAf3pkuh1SLmM3Gwd7W+8fCX/+D3zV8ZY3uPL0edrpO7wBGFReY6QmjzGmo m8pP6qMUUAA= =7cV0 -----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру