vendor:
ELM Mail User Agent, patched for Korean E-Mail
by:
kokaninATdtors.net and zillionATsafemode.org
7,2
CVSS
HIGH
Buffer Overrun
120
CWE
Product Name: ELM Mail User Agent, patched for Korean E-Mail
Affected Version From: ELM Mail User Agent, patched for Korean E-Mail 2.4h4.1
Affected Version To: ELM Mail User Agent, patched for Korean E-Mail 2.4h4.1
Patch Exists: YES
Related CWE: N/A
CPE: elm
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: FreeBSD 4.7-RELEASE
2002
Buffer Overrun in Elm
A buffer overrun has been discovered in Elm. The problem occurs due to insufficient bounds checking performed before copying user-supplied data into an internal memory buffer. Specifically, a TERM environment variable containing excessive data would cause a buffer within Elm to be overrun. As Elm is installed setgid on some systems, the exploitation of this vulnerability could potentially allow for the elevation of local privileges.
Mitigation:
Ensure that all user-supplied data is properly validated before being used.