UBUNTU-CVE-2019-18849

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...

PT-2019-15699 · Tnef +2 · Tnef +2

Name of the Vulnerable Software and Affected Versions: tnef versions prior to 1.4.18 Description: The issue allows an attacker to potentially write to the victim's .ssh/authorized keys file via a crafted winmail.dat application/ms-tnef attachment in an email message. This is due to a heap-based...