SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   UUDeview Vendors:   Pilhofer, Frank
UUDeview MIME Buffer Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1009291
SecurityTracker URL:  http://securitytracker.com/id/1009291
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 2 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.5.19 and prior versions
Description:   A buffer overflow vulnerability was reported in the processing of MIME files. A remote user may be able to cause arbitrary code to be executed on a target user's system.

It is reported that a remote user can create a malicious MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions) that, when processed by a target user, will cause UUDeview to crash or execute arbitrary code. The code will run with the privileges of the target user or application.

This issue was originally reported by iDEFENSE in their advisory regarding WinZip:

http://www.idefense.com/application/poi/display?id=76&type=vulnerabilities

Impact:   A remote user can cause arbitrary code to be executed on a target user's computer when the target user processes a malicious MIME file. The specific impact depends on how UUDeview is implemented on the target system.
Solution:   The vendor has issued a fixed version (0.5.20), available at:

http://www.fpx.de/fp/Software/UUDeview/

Vendor URL:  www.fpx.de/fp/Software/UUDeview/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 29 2004 (Gentoo Issues Fix) UUDeview MIME Buffer Overflow May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix.



 Source Message Contents

Subject:  http://www.fpx.de/fp/Software/UUDeview/


http://www.fpx.de/fp/Software/UUDeview/

 > Version 0.5.20 fixes a buffer overflow problem that existed in versions up
 > to and including 0.5.19.
 > All users are encouraged to upgrade.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC