solaris-dtmail-bof.txt

1999-08-17T00:00:00
ID PACKETSTORM:15315
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Solaris DTmail vulnerable to buffer overflow attack.  
  
DTmail - a program that acts as a mail user agent for the Common Desktop Environment (CDE) - is vulnerable to a  
buffer overflow attack which might cause the execution of arbitrary code with the privileges of the user "mail" and  
that of the actual user reading the email.  
  
Several buffer overflows have been found in DTmail with regards to its handling of attachments. A remote attacker  
may exploit these vulnerabilities to execute arbitrary instructions.  
  
Affected systems: Solaris 2.4, 2.5, 2.5.1 and 2.6.  
  
A patch which fixes this problem has been provided by Sun can be found at their home page.  
  
Solaris patches can be found at: http://sunsolve.sun.com/sunsolve/pubpatches/patches.html. Sun's home page can  
be found at: http://www.sun.com.  
`