FreeBSD : Buffer overflows and format string bugs in Emil (ce46b93a-80f2-11d8-9645-0020ed76ef5a)

high Nessus Plugin ID 36683

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Ulf Harnhammar reports multiple buffer overflows in Emil, some of which are triggered during the parsing of attachment filenames. In addition, some format string bugs are present in the error reporting code.

Depending upon local configuration, these vulnerabilities may be exploited using specially crafted messages in order to execute arbitrary code running with the privileges of the user invoking Emil.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?607854c3

http://www.nessus.org/u?268c27bb

Plugin Details

Severity: High

ID: 36683

File Name: freebsd_pkg_ce46b93a80f211d896450020ed76ef5a.nasl

Version: 1.15

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:emil, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/28/2004

Vulnerability Publication Date: 3/24/2004

Reference Information

CVE: CVE-2004-0152, CVE-2004-0153

DSA: 468