Vendor: /bin/mail Utility
By: Mark
CVSS: 7,5 (HIGH)
Buffer Overrun
CWE: 120 (Buffer Copy without Checking Size of Input)
Product Name: /bin/mail Utility
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Redhat 9.0, Slackware 8.1, Slackware 9.0, Debian 3.0
2002

Buffer Overrun in Linux /bin/mail Utility

A vulnerability has been discovered in the Linux /bin/mail utility. The problem occurs when processing excessive data within the carbon copy field. Due to insufficient bounds checking while parsing this information, it may be possible to trigger a buffer overrun. An attacker could exploit this issue to execute arbitrary commands.

Mitigation:

Ensure that the /bin/mail utility is up to date and that all security patches have been applied.
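
The bounds check that the description says is missing, as an added example: this is not the /bin/mail source, and `CC_BUF_SIZE`, `cc_store_unchecked`, `cc_append` and `cc_parse` are hypothetical names. It contrasts the unchecked copy pattern (CWE-120) with a carbon copy field parser that tracks remaining space and rejects input that does not fit.

```c
#include <stddef.h>
#include <string.h>
#define CC_BUF_SIZE 64   /* assumed size of the destination buffer (hypothetical) */

/* Unsafe pattern (CWE-120), shown for contrast and never called here:
 * the copy length is set by the input, not by the destination. */
void cc_store_unchecked(char *dst, const char *field)
{
    strcpy(dst, field);                 /* writes past dst if field is too long */
}

/* Append one address of length len to out, tracking the bytes already used.
 * Returns 0 on success, -1 if address + separator + NUL would not fit. */
static int cc_append(char *out, size_t outsz, size_t *used,
                     const char *addr, size_t len)
{
    size_t sep = (*used > 0) ? 1 : 0;   /* one space between entries */
    size_t room = outsz - 1 - *used;    /* bytes left, keeping one for the NUL */
    if (room < sep || len > room - sep) return -1;
    if (sep) out[(*used)++] = ' ';
    memcpy(out + *used, addr, len);
    *used += len;
    out[*used] = '\0';
    return 0;
}

/* Split a comma-separated Cc field, trim blanks, store entries space-separated.
 * Returns the number of addresses stored, or -1 (out emptied) if it does not fit. */
int cc_parse(const char *field, char *out, size_t outsz)
{
    size_t used = 0;
    int count = 0;
    if (field == NULL || out == NULL || outsz == 0) return -1;
    out[0] = '\0';
    while (*field != '\0') {
        size_t span, len;
        field += strspn(field, ", \t");         /* skip separators and blanks */
        span = len = strcspn(field, ",");       /* one entry, up to next comma */
        while (len > 0 && (field[len - 1] == ' ' || field[len - 1] == '\t')) len--;
        if (len == 0) continue;                 /* only reached at end of input */
        if (cc_append(out, outsz, &used, field, len) != 0) {
            out[0] = '\0';                      /* reject the field, never truncate */
            return -1;
        }
        count++;
        field += span;
    }
    return count;
}
```

Rejecting the whole field instead of truncating avoids delivering to a cut-off address.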

Exploit-DB raw data: