dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


TurboLinux Security Announcement: Package: nmh-1.0.2 and earlier

Mar 22, 2000, 06:52 (0 Talkback[s])
(Other stories by Katie Moussouris)

Date: Tue, 21 Mar 2000 17:06:26 -0800 (PST)
From: Katie Moussouris k8e@mail.turbolinux.com
To: tl-security-announce@turbolinux.com
Subject: [TL-Security-Announce] nmh-1.0.2 and earlier TLSA200008-1

TurboLinux Security Announcement

Package: nmh-1.0.2 and earlier
Date: Tue Mar 21 17:42:37 PST 2000

Affected TurboLinux versions: 6.0.2 and earlier
Vulnerability Type: remote execution of shellcode
TurboLinux Advisory ID#: TLSA200008-1
BugTraq ID#: 1018
Credits: This vulnerability was posted to the Bugtraq mailing list on
February 28, 2000 by ruud@ruud.org (Ruud de Rooij).


A security hole was discovered in the package mentioned above. Please update the package in your installation as soon as possible or disable the service.
1. Problem Summary

A buffer overrun exists in nmh versions 1.0.2 and prior. Due to improper MIME header parsing, an attacker could create a MIME message such that the mhshow utility may be used to execute shell code when the message is viewed.

2. Impact

An attacker can use this exploit to remotely execute code on the machine where nmh is being used to read mail. This could easily lead to a remote root compromise.

3. Solution

Update the package from our ftp server by running the following command:

rpm -Fv ftp_path_to_filename

Where ftp_path_to_filename is the following:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/nmh-1.0.3-0.i386.rpm

The source rpm can be downloaded here:

ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/nmh-1.0.3-0.src.rpm

**Note: You must rebuild and install the rpm if you choose to download and install the srpm. Simply installing the srpm alone WILL NOT CLOSE THE SECURITY HOLE.

Please verify the md5 checksum of the update before you install:

  MD5 sum                               Package Name

f69c396498cac8c8da72e6ea122ed456 nmh-1.0.3-0.i386.rpm
27bcd2c1cb6a8424861ce26b5304cc9c nmh-1.0.3-0.src.rpm

You can find more updates on our ftp server:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation and Server security updates
ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation and Server security updates

Our webpage for security announcements:

http://www.turbolinux.com/security

If you want to report vulnerabilities, please contact:

rt-security@turbolinux.com


Subscribe to the TurboLinux Security Mailing lists:

TL-security - A moderated list for discussing security issues in TurboLinux products.

Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security

TL-security-announce - An announce-only mailing list for security updates and alerts.

Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security-announce