[14154] in bugtraq
MH also vulnerable to remote attack (was Re: nmh security update)
daemon@ATHENA.MIT.EDU (Dan Harkless)
Fri Mar 3 13:34:17 2000
Message-Id: <200003030037.QAA22150@dilvish.speed.net>
Date: Thu, 2 Mar 2000 16:37:37 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Ruud de Rooij <ruud@RUUD.ORG> of "Mon, 28 Feb 2000
18:38:05 +0100." <20000228173805.B17DB3424A@hobbes.home.ruud.org>
Ruud de Rooij <ruud@RUUD.ORG> writes:
> Versions prior to 1.0.3 of the nmh package contained a vulnerability
> where incoming mail messages with carefully designed MIME headers could
> cause nmh's mhshow command to execute arbitrary shell code.
>
> This bug has been fixed in nmh 1.0.3 and we encourage you to upgrade
> immediately. The fixed package is available at
>
> ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz
>
> The MD5sum of nmh-1.0.3.tar.gz is 02519bf8f7ff8590ecfbee9f9500ea07.
Please note that the MIME-handling code with the security hole dates back to
nmh's ancestor MH, so MH users (at least those using latter-day versions
with MIME capability) are also strongly encouraged to upgrade to nmh 1.0.3.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
