Bugtraq mailing list archives
Re: SuSE Security Announcement: tnef
From: link () FOO FH-FURTWANGEN DE (Rainer Link)
Date: Tue, 11 Jul 2000 19:41:23 +0200
Thomas Biege wrote:
______________________________________________________________________________ SuSE Security Announcement Package: tnef < 0-124 Date: Mon Jul 10 19:19:16 CEST 2000 Affected SuSE versions: 6.3-6.4 Vulnerability Type: remote compromise SuSE default package: no Other affected systems: all unix systems using this package ______________________________________________________________________________
[cut]
2. Impact By specifing a path name like /etc/passwd and sending a compressed mail to root an adversary could gain remote root access to a system by overwriting the local password database. The same could happen if a mail virus scanner, like AMaVIS, process' a malicious mail.
FYI: AMaViS-Perl: not affected, as a Perl module is used TNEF support was added to AMaViS 0.2.0-pre6-clm-rl-8-20000604 (previous versions are therefore *not* affected), but AMaViS does not run as root when used with qmail, exim and postfix. AMaViS is run as root, when used with sendmail and AMaViS is called via Mlocal. AMaViS may not run as root, when used with sendmail and the new relay scanning setup for AMaViS (--enable-relay). Anyway, a fix for this possible security hole was provided in AMaViS 0.2.0-pre6-clm-rl-8-20000704. It's available at http://sourceforge.net/projects/amavis, http://cvsweb.amavis.org/ or http://www.computer-networking.de/~link/security/amavis-patch.php3#latest_sources (if you prefer a gzipped tarball). We recommend to use Mark Simpson's TNEF (http://world.std.com/~damned/software.html) which does not suffer from this security problem, as it supportes the -d flag to extract files to a specific directory. I would like to thank Robert Valentan of SOLID-SOFT EDV-VertriebsgmbH/Austria for reporting this problem to us and helping us to fix it. best regards, Rainer Link (AMaViS Developer) -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) link () suse de | Member of AMaViS Development Team (dev.amavis.org) rainer.w3.to | Linux/Unix Anti Virus project (lavp.sourceforge.net)
Current thread:
- SuSE Security Announcement: tnef Thomas Biege (Jul 11)
- Re: SuSE Security Announcement: tnef Rainer Link (Jul 11)
- Security hole in Win2K's FTP server Bob Kline (Jul 11)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils Conectiva Security (Jul 17)
- Re: Security hole in Win2K's FTP server Dan Kaminsky (Jul 17)
- Re: Security hole in Win2K's FTP server Adam Muntner (Jul 18)
- Re: Security hole in Win2K's FTP server David LeBlanc (Jul 18)
- Re: Security hole in Win2K's FTP server Darren Reed (Jul 18)
- MDKSA-2000:018 dump update Vincent Danen (Jul 11)
- Sun's Java Web Server remote command execution vulnerability stuart.mcclure () FOUNDSTONE COM (Jul 11)
- Attacking Windows 9x with Loadable Kernel Modules Solar Eclipse (Jul 12)