Reporter Packet Storm
`Solaris DTmail vulnerable to buffer overflow attack.
DTmail - a program that acts as a mail user agent for the Common Desktop Environment (CDE) - is vulnerable to a
buffer overflow attack which might cause the execution of arbitrary code with the privileges of the user "mail" and
that of the actual user reading the email.
Several buffer overflows have been found in DTmail with regards to its handling of attachments. A remote attacker
may exploit these vulnerabilities to execute arbitrary instructions.
Affected systems: Solaris 2.4, 2.5, 2.5.1 and 2.6.
A patch which fixes this problem has been provided by Sun can be found at their home page.
Solaris patches can be found at: http://sunsolve.sun.com/sunsolve/pubpatches/patches.html. Sun's home page can
be found at: http://www.sun.com.