Vulnerabilities > CVE-2004-0105 - Buffer Overflow/Format String Handling vulnerability in Metamail

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
metamail-corporation
sgi
redhat
nessus

Summary

Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200405-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200405-17 (Multiple vulnerabilities in metamail) Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail. Impact : A remote attacker could send a malicious email message and execute arbitrary code with the rights of the process calling the Metamail program. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id14503
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14503
    titleGLSA-200405-17 : Multiple vulnerabilities in metamail
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200405-17.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14503);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_cve_id("CVE-2004-0104", "CVE-2004-0105");
      script_xref(name:"GLSA", value:"200405-17");
    
      script_name(english:"GLSA-200405-17 : Multiple vulnerabilities in metamail");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200405-17
    (Multiple vulnerabilities in metamail)
    
        Ulf Harnhammar found two format string bugs and two buffer overflow bugs in
        Metamail.
      
    Impact :
    
        A remote attacker could send a malicious email message and execute
        arbitrary code with the rights of the process calling the Metamail program.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200405-17"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All users of Metamail should upgrade to the latest stable version:
        # emerge sync
        # emerge -pv '>=net-mail/metamail-2.7.45.3'
        # emerge '>=net-mail/metamail-2.7.45.3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:metamail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-mail/metamail", unaffected:make_list("ge 2.7.45.3"), vulnerable:make_list("lt 2.7.45.3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-mail/metamail");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-073.NASL
    descriptionUpdated metamail packages that fix a number of vulnerabilities are now available. Metamail is a system for handling multimedia mail. Ulf Harnhammar discovered two format string bugs and two buffer overflow bugs in versions of Metamail up to and including 2.7. An attacker could create a carefully-crafted message such that when it is opened by a victim and parsed through Metamail, it runs arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0104 (format strings) and CVE-2004-0105 (buffer overflows) to these issues. Users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these erratum packages, which contain a backported security patch and are not vulnerable to these issues. Please note that Red Hat Enterprise Linux 3 does not contain Metamail and is therefore not vulnerable to these issues. Red Hat would like to thank Ulf Harnhammar for the notification and patch for these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id12471
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12471
    titleRHEL 2.1 : metamail (RHSA-2004:073)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:073. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12471);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0104", "CVE-2004-0105");
      script_xref(name:"RHSA", value:"2004:073");
    
      script_name(english:"RHEL 2.1 : metamail (RHSA-2004:073)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated metamail packages that fix a number of vulnerabilities are now
    available.
    
    Metamail is a system for handling multimedia mail.
    
    Ulf Harnhammar discovered two format string bugs and two buffer
    overflow bugs in versions of Metamail up to and including 2.7. An
    attacker could create a carefully-crafted message such that when it is
    opened by a victim and parsed through Metamail, it runs arbitrary code
    as the victim. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the names CVE-2004-0104 (format strings)
    and CVE-2004-0105 (buffer overflows) to these issues.
    
    Users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these
    erratum packages, which contain a backported security patch and are
    not vulnerable to these issues. Please note that Red Hat Enterprise
    Linux 3 does not contain Metamail and is therefore not vulnerable to
    these issues.
    
    Red Hat would like to thank Ulf Harnhammar for the notification and
    patch for these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0105"
      );
      # http://marc.theaimsgroup.com/?l=bugtraq&m=107713476911429
      script_set_attribute(
        attribute:"see_also",
        value:"https://marc.info/?l=bugtraq&m=107713476911429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:073"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected metamail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:metamail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:073";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"metamail-2.7-29")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "metamail");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-449.NASL
    descriptionUlf Harnhammar discovered two format string bugs ( CAN-2004-0104) and two buffer overflow bugs ( CAN-2004-0105) in metamail, an implementation of MIME. An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail. We have been devoting some effort to trying to avoid shipping metamail in the future. It became unmaintainable and these are probably not the last of the vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id15286
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15286
    titleDebian DSA-449-1 : metamail - buffer overflow, format string bugs
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-449. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15286);
      script_version("1.25");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2004-0104", "CVE-2004-0105");
      script_bugtraq_id(9692);
      script_xref(name:"CERT", value:"513062");
      script_xref(name:"CERT", value:"518518");
      script_xref(name:"DSA", value:"449");
    
      script_name(english:"Debian DSA-449-1 : metamail - buffer overflow, format string bugs");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ulf Harnhammar discovered two format string bugs ( CAN-2004-0104) and
    two buffer overflow bugs ( CAN-2004-0105) in metamail, an
    implementation of MIME. An attacker could create a carefully-crafted
    mail message which will execute arbitrary code as the victim when it
    is opened and parsed through metamail.
    
    We have been devoting some effort to trying to avoid shipping metamail
    in the future. It became unmaintainable and these are probably not the
    last of the vulnerabilities."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-449"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the metamail package.
    
    For the stable distribution (woody) these problems have been fixed in
    version 2.7-45woody.2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:metamail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"metamail", reference:"2.7-45woody.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_METAMAIL_27_2.NASL
    descriptionThe following package needs to be updated: metamail
    last seen2016-09-26
    modified2011-10-03
    plugin id12574
    published2004-07-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=12574
    titleFreeBSD : metamail format string bugs and buffer overflows (108)
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated by freebsd_pkg_a20082c3625511d880e30020ed76ef5a.nasl.
    #
    # Disabled on 2011/10/02.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This script contains information extracted from VuXML :
    #
    # Copyright 2003-2006 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #   copyright notice, this list of conditions and the following
    #   disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #   published online in any format, converted to PDF, PostScript,
    #   RTF and other formats) must reproduce the above copyright
    #   notice, this list of conditions and the following disclaimer
    #   in the documentation and/or other materials provided with the
    #   distribution.
    #
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    #
    #
    
    include('compat.inc');
    
    if ( description )
    {
     script_id(12574);
     script_version("1.13");
     script_bugtraq_id(9692);
     script_cve_id("CVE-2004-0105");
     script_cve_id("CVE-2004-0104");
    
     script_name(english:"FreeBSD : metamail format string bugs and buffer overflows (108)");
    
    script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
    script_set_attribute(attribute:'description', value:'The following package needs to be updated: metamail');
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
    script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
    script_set_attribute(attribute: 'see_also', value: 'http://coppermine-gallery.net/forum/index.php?topic=48106.0
    http://dircproxy.securiweb.net/ticket/89
    http://drupal.org/node/184315
    http://drupal.org/node/184316
    http://drupal.org/node/184320
    http://drupal.org/node/184348
    http://drupal.org/node/184354
    http://secunia.com/advisories/27292
    http://secunia.com/advisories/27292
    http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
    https://bugzilla.redhat.com/show_bug.cgi?id=319301');
    script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/a20082c3-6255-11d8-80e3-0020ed76ef5a.html');
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
     script_cvs_date("Date: 2018/07/20  0:18:52");
     script_end_attributes();
     script_summary(english:"Check for metamail");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     family["english"] = "FreeBSD Local Security Checks";
     script_family(english:family["english"]);
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/FreeBSD/pkg_info");
     exit(0);
    }
    
    # Deprecated.
    exit(0, "This plugin has been deprecated. Refer to plugin #36766 (freebsd_pkg_a20082c3625511d880e30020ed76ef5a.nasl) instead.");
    
    global_var cvss_score;
    cvss_score=7;
    include('freebsd_package.inc');
    
    
    pkg_test(pkg:"metamail<2.7_2");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-014.NASL
    descriptionTwo format string and two buffer overflow vulnerabilities were discovered in metamail by Ulf Harnhammar. The updated packages are patched to fix these holes.
    last seen2020-06-01
    modified2020-06-02
    plugin id14114
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14114
    titleMandrake Linux Security Advisory : metamail (MDKSA-2004:014)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:014. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14114);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2004-0104", "CVE-2004-0105");
      script_xref(name:"MDKSA", value:"2004:014");
    
      script_name(english:"Mandrake Linux Security Advisory : metamail (MDKSA-2004:014)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandrake Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two format string and two buffer overflow vulnerabilities were
    discovered in metamail by Ulf Harnhammar. The updated packages are
    patched to fix these holes."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected metamail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:metamail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"metamail-2.7-9.1.90mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"metamail-2.7-9.1.91mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", reference:"metamail-2.7-9.1.92mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2004-049-02.NASL
    descriptionMetamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. Thanks to Ulf H&auml;rnhammar for discovering these problems and providing a patch.
    last seen2020-06-01
    modified2020-06-02
    plugin id18770
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18770
    titleSlackware 8.1 / 9.0 / 9.1 / current : metamail security update (SSA:2004-049-02)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2004-049-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18770);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2004-0104", "CVE-2004-0105");
      script_xref(name:"SSA", value:"2004-049-02");
    
      script_name(english:"Slackware 8.1 / 9.0 / 9.1 / current : metamail security update (SSA:2004-049-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Metamail is a set of utilities for processing MIME mail. New metamail
    packages are available for Slackware 8.1, 9.0, 9.1, and -current.
    These fix two format string bugs and two buffer overflows which could
    lead to unauthorized code execution. Thanks to Ulf H&auml;rnhammar for
    discovering these problems and providing a patch."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bd708781"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected metamail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:metamail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"metamail", pkgver:"2.7", pkgarch:"i386", pkgnum:"2")) flag++;
    
    if (slackware_check(osver:"9.0", pkgname:"metamail", pkgver:"2.7", pkgarch:"i386", pkgnum:"2")) flag++;
    
    if (slackware_check(osver:"9.1", pkgname:"metamail", pkgver:"2.7", pkgarch:"i486", pkgnum:"2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"metamail", pkgver:"2.7", pkgarch:"i486", pkgnum:"2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A20082C3625511D880E30020ED76EF5A.NASL
    descriptionUlf Harnhammar reported four bugs in metamail: two are format string bugs and two are buffer overflows. The bugs are in SaveSquirrelFile(), PrintHeader(), and ShareThisHeader(). These vulnerabilities could be triggered by a maliciously formatted email message if `metamail
    last seen2020-06-01
    modified2020-06-02
    plugin id36766
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36766
    titleFreeBSD : metamail format string bugs and buffer overflows (a20082c3-6255-11d8-80e3-0020ed76ef5a)

Redhat

advisories
rhsa
idRHSA-2004:073