Bugzilla – Bug 50320
VUL-0: CVE-2004-0153: emil: buffer overflow and format-string bugs
Last modified: 2021-10-04 08:32:58 UTC
The following was posted to us:
Date: Wed, 3 Mar 2004 16:42:04 +0100
From: Ulf Härnhammar <Ulf.Harnhammar.email@example.com>
Cc: firstname.lastname@example.org, email@example.com
Subject: [firstname.lastname@example.org] Emil buffer overflows and format string bugs
Here's another unpublished security vulnerability.
Emil buffer overflows and format string bugs
"Emil v2 is a filter for converting Internet Messages. It supports
three basic formats: MIME, SUN Mailtool and plain old style RFC822."
The usual setup is that sendmail or procmail pipe messages from
the network to the program. Emil is vulnerable to some security
problems in Debian stable, testing and unstable, as well as in SUSE
Linux 9.0, 8.2 and possibly older versions of SUSE.
testmail1 and run1.sh give an example of a buffer overflow that
occurs when converting files with long filenames from MIME to
testmail2 and run2.sh show a buffer overflow that occurs when
parsing uuencoded files with long filenames.
testmail3 and run3.sh show a buffer overflow that occurs when
converting SUN Mailtool files with long filenames to MIME.
There are also some obscure format string bugs that have been fixed
for completeness' sake.
emil.patch corrects all issues above. It's diff'ed against the
upstream version 2.1.0-beta9.
// Ulf Harnhammar
[ Part 2, Application/OCTET-STREAM (Name: "emil-stuffs.zip") 4.9KB. ]
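Added illustration, not emil's code and not taken from emil.patch: a bounds-checked parser for the uuencode `begin <mode> <filename>` header, the kind of long-filename input the report names, plus a formatter that keeps message-derived text out of the format string. The names `parse_uu_begin`, `describe_part` and `NAME_BUF` and the 64-byte buffer size are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 64 /* assumed size of the fixed filename buffer (hypothetical) */

/* Parse a uuencode header line "begin <octal mode> <filename>".
 * Returns 0 on success, -1 if malformed, -2 if the filename does not fit. */
int parse_uu_begin(const char *line, unsigned *mode, char *name, size_t name_sz)
{
    if (strncmp(line, "begin ", 6) != 0)
        return -1;
    const char *p = line + 6;
    if (*p < '0' || *p > '7')          /* no sign or whitespace before the mode */
        return -1;
    char *end;
    unsigned long m = strtoul(p, &end, 8);
    if (*end != ' ' || m > 07777)
        return -1;
    p = end + 1;
    size_t len = strcspn(p, "\r\n");   /* filename runs to end of line */
    if (len == 0)
        return -1;
    if (len >= name_sz)                /* reject: never truncate silently or overflow */
        return -2;
    memcpy(name, p, len);
    name[len] = '\0';
    *mode = (unsigned)m;
    return 0;
}

/* Message-derived text is passed only as an argument, never as the format
 * string, so conversion specifiers inside a filename stay inert. */
int describe_part(char *out, size_t out_sz, const char *name)
{
    int n = snprintf(out, out_sz, "attachment: %s", name);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : n;
}

int main(void)
{
    /* Constructed sample header line, not taken from testmail2. */
    unsigned mode; char name[NAME_BUF], msg[128];
    int rc = parse_uu_begin("begin 644 notes.txt\n", &mode, name, sizeof name);
    if (rc == 0 && describe_part(msg, sizeof msg, name) > 0)
        printf("%s (mode %o)\n", msg, mode);
    return rc == 0 ? 0 : 1;
}
```

Rejecting an over-long name with a distinct return code lets the caller drop or quarantine the part instead of writing a truncated filename.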
Created attachment 16351 [details]
Note for me:
Please use CAN-2004-0152 to refer to the buffer overflows, and
CAN-2004-0153 to refer to the format string bugs.
Created attachment 16352 [details]
CDR: 24th of March, 14:00 MET
reassigned for tracking.
CVE-2004-0153: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)