Bug 50320 - (CVE-2004-0153) VUL-0: CVE-2004-0153: emil: buffer overflow and format-string bugs
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Normal
Assigned To: Thomas Biege
QA Contact: Security Team bot
Reported: 2004-03-04 16:01 UTC by Thomas Biege
Modified: 2021-10-04 08:32 UTC (History)


Attachments
emil-stuffs.zip (3.51 KB, application/x-zip)
2004-03-04 16:02 UTC, Thomas Biege
patchinfo-box.emil (606 bytes, text/plain)
2004-03-04 16:23 UTC, Thomas Biege

Description Thomas Biege 2004-03-04 16:01:23 UTC
Hello Andreas, 
the following was posted to us: 
Date: Wed,  3 Mar 2004 16:42:04 +0100 
From: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se> 
To: team@security.debian.org 
Cc: steve@steve.org.uk, security@suse.de 
Subject: [security@suse.de] Emil buffer overflows and format string bugs 
Parts/Attachments: 
   1 Shown    ~32 lines  Text 
   2          3.6 KB     Application 
---------------------------------------- 
 
Here's another unpublished security vulnerability. 
 
 
Emil buffer overflows and format string bugs 
============================================ 
 
"Emil v2 is a filter for converting Internet Messages. It supports 
three basic formats: MIME, SUN Mailtool and plain old style RFC822." 
The usual setup is that sendmail or procmail pipe messages from 
the network to the program. Emil is vulnerable to some security 
problems in Debian stable, testing and unstable, as well as in SUSE 
Linux 9.0, 8.2 and possibly older versions of SUSE. 
 
testmail1 and run1.sh give an example of a buffer overflow that 
occurs when converting files with long filenames from MIME to 
uuencode. 
 
testmail2 and run2.sh show a buffer overflow that occurs when 
parsing uuencoded files with long filenames. 
 
testmail3 and run3.sh show a buffer overflow that occurs when 
converting SUN Mailtool files with long filenames to MIME. 
 
There are also some obscure format string bugs that have been fixed 
for completeness' sake. 
 
emil.patch corrects all issues above. It's diff'ed against the 
upstream version 2.1.0-beta9. 
 
 
// Ulf Harnhammar 
 
    [ Part 2, Application/OCTET-STREAM (Name: "emil-stuffs.zip")  4.9KB. ] 
    [ Cannot display this part. Press "V" then "S" to save in a file. ]
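
The report above attributes the overflows to long attachment filenames and separately mentions format string bugs. The following is an added example, not emil's code and not the patch from the report: a bounded parser for a uuencode `begin` line plus format-string-safe reporting. The names `parse_uu_begin`, `describe_part` and `NAME_MAX_LEN` are hypothetical, and the sample header line is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define NAME_MAX_LEN 64   /* assumed limit for this example */

/* Parse a uuencode header line "begin <octal mode> <filename>".
 * Returns 0 on success, -1 on malformed input, -2 if the filename
 * would not fit in `name` (caller should reject or replace it). */
int parse_uu_begin(const char *line, unsigned *mode, char *name, size_t name_sz)
{
    if (name_sz == 0 || strncmp(line, "begin ", 6) != 0)
        return -1;
    const char *p = line + 6;
    char *end;
    unsigned long m = strtoul(p, &end, 8);
    if (end == p || *end != ' ' || m > 07777)
        return -1;
    p = end + 1;
    size_t len = strcspn(p, "\r\n");    /* filename runs to end of line */
    if (len == 0)
        return -1;
    if (len >= name_sz)
        return -2;          /* an unbounded strcpy/sscanf would overflow here */
    memcpy(name, p, len);
    name[len] = '\0';
    *mode = (unsigned)m;
    return 0;
}

/* Message-derived text is passed only as an argument, never as the format. */
int describe_part(char *out, size_t out_sz, const char *name)
{
    return snprintf(out, out_sz, "attachment: %s", name);
}

int main(void)
{
    char name[NAME_MAX_LEN], msg[128];
    unsigned mode;
    const char *line = "begin 644 report%n%s.txt\n";  /* constructed sample */
    if (parse_uu_begin(line, &mode, name, sizeof name) == 0) {
        describe_part(msg, sizeof msg, name);
        puts(msg);
    }
    return 0;
}
```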
Comment 2 Thomas Biege 2004-03-04 16:02:23 UTC
Created attachment 16351 [details]
emil-stuffs.zip
Comment 3 Thomas Biege 2004-03-04 16:06:40 UTC
Note for me: 
Please use CAN-2004-0152 to refer to the buffer overflows, and 
CAN-2004-0153 to refer to the format string bugs. 
Comment 4 Thomas Biege 2004-03-04 16:23:50 UTC
Created attachment 16352 [details]
patchinfo-box.emil
Comment 5 Thomas Biege 2004-03-05 18:51:18 UTC
CDR: 24th of March, 14:00 MET 
Comment 6 Andreas Schwab 2004-03-05 22:00:12 UTC
Submitted. 
Comment 7 Thomas Biege 2004-03-15 19:15:10 UTC
reassigned for tracking. 
Comment 8 Thomas Biege 2004-03-24 20:04:48 UTC
packages approved 
Comment 9 Thomas Biege 2009-10-13 20:16:43 UTC
CVE-2004-0153: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)