Date: Tue, 21 Mar 2000 17:06:26 -0800 (PST)
From: Katie Moussouris k8e@mail.turbolinux.com
To: tl-security-announce@turbolinux.com
Subject: [TL-Security-Announce] nmh-1.0.2 and earlier
TLSA200008-1
TurboLinux Security Announcement
Package: nmh-1.0.2 and earlier
Date: Tue Mar 21 17:42:37 PST 2000
Affected TurboLinux versions: 6.0.2 and earlier
Vulnerability Type: remote execution of shellcode
TurboLinux Advisory ID#: TLSA200008-1
BugTraq ID#: 1018
Credits: This vulnerability was posted to the Bugtraq mailing list
on
February 28, 2000 by ruud@ruud.org (Ruud de Rooij).
A security hole was discovered in the package mentioned above.
Please update the package in your installation as soon as possible
or disable the service.
1. Problem Summary
A buffer overrun exists in nmh versions 1.0.2 and prior. Due to
improper MIME header parsing, an attacker could create a MIME
message such that the mhshow utility may be used to execute shell
code when the message is viewed.
2. Impact
An attacker can use this exploit to remotely execute code on the
machine where nmh is being used to read mail. This could easily
lead to a remote root compromise.
3. Solution
Update the package from our ftp server by running the following
command:
rpm -Fv ftp_path_to_filename
Where ftp_path_to_filename is the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/nmh-1.0.3-0.i386.rpm
The source rpm can be downloaded here:
ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/nmh-1.0.3-0.src.rpm
**Note: You must rebuild and install the rpm if you choose to
download and install the srpm. Simply installing the srpm alone
WILL NOT CLOSE THE SECURITY HOLE.
Please verify the md5 checksum of the update before you
install:
MD5 sum Package Name
f69c396498cac8c8da72e6ea122ed456 nmh-1.0.3-0.i386.rpm
27bcd2c1cb6a8424861ce26b5304cc9c nmh-1.0.3-0.src.rpm
You can find more updates on our ftp server:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/
for TL6.0 Workstation and Server security updates
ftp://ftp.turbolinux.com/pub/updates/4.0/security/
for TL4.0 Workstation and Server security updates
Our webpage for security announcements:
http://www.turbolinux.com/security
If you want to report vulnerabilities, please contact:
Subscribe to the TurboLinux Security Mailing lists:
TL-security – A moderated list for discussing security issues in
TurboLinux products.
Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security
TL-security-announce – An announce-only mailing list for
security updates and alerts.
Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security-announce