From: Lars H. <lhe...@us...> - 2003-03-11 17:13:39
|
=========================================================================== AMaViS Security Announcement Date: 07/03/2003 affected version(s): amavis-0.2.x, amavis-0.3.x, amavisd (all versions) amavis-ng is _not_ affected Vulnerability Type: buffer overflow in file(1) can be used by attacker to execute arbitrary code under the privileges of the user amavis runs as Priority: urgent Solution: upgrade to the latest version of file(1) Author: Lars Hecking <lhe...@us...> Advisory ID: ASA-2003-1 - ---------------------------------------------------------------------------- 1. Problem description Amavis uses the file(1) command to determine the type of files extracted from email messages. The file(1) command contains a buffer overflow vulnerability that can be leveraged by an attacker to execute arbitrary code under the privileges of the user that runs amavis. In some amavis configurations, this may be root. All versions of file(1) prior to 3.41 are presumed to be vulnerable. 2. Impact The vulnerability can be used to gain unauthorised access to the host that runs amavis. 3. Solution Download and install the latest version of file(1), 3.41, from ftp://ftp.astron.com/pub/file/file-3.41.tar.gz. For RedHat Linux, see http://www.securityfocus.com/archive/1/314270/2003-03-04/2003-03-10/0 For Mandrake Linux, see http://www.securityfocus.com/archive/1/314271/2003-03-04/2003-03-10/0 A patch for FreeBSD was suggested on the amavis-user mailing list: http://marc.theaimsgroup.com/?l=amavis-user&m=104700245909563&w=2 We expect that all distributors of free UNIX(R)-like operating systems will address the issue shortly. 4. Acknowledgement The problem was first disclosed to the public by iDefense, see http://www.securityfocus.com/archive/1/313837/2003-03-04/2003-03-10/0 5. References http://www.amavis.org/security/asa-2003-1.txt http://www.amavis.org/ 6. Revision History 07/03/2003: Initial release =========================================================================== |