Test ID: 1.3.6.1.4.1.25623.1.0.52781
Category: Fedora Local Security Checks
Title: Fedora Legacy Security Advisory FLSA-2004:1305
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory FLSA-2004:1305.

Ulf Harnhammar discovered two integer overflow bugs and two buffer overflow
bugs in versions of Metamail up to and including 2.7. An attacker could
create a carefully-crafted message such that when it is opened by a victim
and parsed through Metamail, it runs arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CVE-2004-0104 and CVE-2004-0105 to these issues.

Users of Red Hat Linux 7.2 and 7.3 are advised to upgrade to these erratum
packages, which contain a backported security patch and are not vulnerable
to these issues. Please note that Red Hat Linux 8 or newer does not
contain Metamail and is therefore not vulnerable to these issues.

Red Hat would like to thank Michal Jaegermann for notification of this
issue, and Ulf Harnhammar for the patch for these issues.

Affected platforms:
Redhat 7.2
Redhat 7.3

Solution:
http://www.securityspace.com/smysecure/catid.html?in=FLSA-2004:1305
http://www.redhat.com/support/errata/RHSA-2004-073.html

Risk factor : High

CVSS Score:
7.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0104
BugTraq ID: 9692
http://www.securityfocus.com/bid/9692
Bugtraq: 20040218 metamail format string bugs and buffer overflows
http://marc.info/?l=bugtraq&m=107713476911429&w=2
CERT/CC vulnerability note: VU#518518
http://www.kb.cert.org/vuls/id/518518
Computer Incident Advisory Center Bulletin: O-083
http://www.ciac.org/ciac/bulletins/o-083.shtml
Debian Security Information: DSA-449
http://www.debian.org/security/2004/dsa-449
http://www.mandriva.com/security/advisories?name=MDKSA-2004:014
http://www.redhat.com/support/errata/RHSA-2004-073.html
http://secunia.com/advisories/10908
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
XForce ISS Database: metamail-contenttype-format-string(15245)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15245
XForce ISS Database: metamail-printheader-format-string(15259)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15259
Common Vulnerability Exposure (CVE) ID: CVE-2004-0105
CERT/CC vulnerability note: VU#513062
http://www.kb.cert.org/vuls/id/513062
XForce ISS Database: metamail-printheader-nonascii-bo(15247)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15247
XForce ISS Database: metamail-splitmail-subject-bo(15258)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15258
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
