CentOS Update for procmail CESA-2014:1172 centos6. A heap-based buffer overflow flaw was found in procmail's formail utility. All procmail users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Amazon | Important: procmail | 17 Sep 2014 21:46 | – | amazon |
OpenVAS | Debian: Security Advisory (DLA-46-1) | 8 Mar 2023 00:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-3019-1) | 3 Sep 2014 00:00 | – | openvas |
OpenVAS | CentOS Update for procmail CESA-2014:1172 centos7 | 11 Sep 2014 00:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-2340-1) | 5 Sep 2014 00:00 | – | openvas |
OpenVAS | Debian Security Advisory DSA 3019-1 (procmail - security update) | 4 Sep 2014 00:00 | – | openvas |
OpenVAS | Fedora Update for procmail FEDORA-2014-10359 | 1 Oct 2014 00:00 | – | openvas |
OpenVAS | Mageia: Security Advisory (MGASA-2014-0373) | 28 Jan 2022 00:00 | – | openvas |
OpenVAS | Amazon Linux: Security Advisory (ALAS-2014-408) | 8 Sep 2015 00:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2014:1137-1) | 9 Jun 2021 00:00 | – | openvas |
```nasl
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.882022");
  script_version("2023-07-11T05:06:07+0000");
  script_tag(name:"last_modification", value:"2023-07-11 05:06:07 +0000 (Tue, 11 Jul 2023)");
  script_tag(name:"creation_date", value:"2014-09-11 05:58:30 +0200 (Thu, 11 Sep 2014)");
  script_cve_id("CVE-2014-3618");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("CentOS Update for procmail CESA-2014:1172 centos6");
  script_tag(name:"insight", value:"The procmail program is used for local
mail delivery. In addition to just delivering mail, procmail can be used for
automatic filtering, presorting, and other mail handling jobs.
A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
All procmail users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.");
  script_tag(name:"affected", value:"procmail on CentOS 6");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"CESA", value:"2014:1172");
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2014-September/020550.html");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'procmail'
package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS6")
{
  if ((res = isrpmvuln(pkg:"procmail", rpm:"procmail~3.22~25.1.el6_5.1", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}
```