ID CVE-2002-0198 Type cve Reporter cve@mitre.org Modified 2016-10-18T02:16:00
Description
Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.
{"osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "description": "## Vulnerability Description\nA local overflow exists in ripMIME. The e-mail filter fails to properly handle overly long file names containing 2079 characters or more when passed via certain command-line options, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 1.2.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA local overflow exists in ripMIME. The e-mail filter fails to properly handle overly long file names containing 2079 characters or more when passed via certain command-line options, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://pldaniels.org/ripmime/\n[Vendor Specific Advisory URL](http://pldaniels.org/ripmime/CHANGELOG)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0293.html\nISS X-Force ID: 7983\n[CVE-2002-0198](https://vulners.com/cve/CVE-2002-0198)\nBugtraq ID: 3941\n", "modified": "2002-01-22T00:00:00", "published": "2002-01-22T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:8340", "id": "OSVDB:8340", "type": "osvdb", "title": "ripMIME Long File Name Overflow", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}