Menu
▾
▴
[AMaViS-announce] ASA-2003-1: Locally Exploitable Buffer Overflow in file
|
From: Lars H. <lhe...@us...> - 2003-03-11 17:13:39
|
===========================================================================
AMaViS Security Announcement
Date: 07/03/2003
affected version(s): amavis-0.2.x, amavis-0.3.x, amavisd (all versions)
amavis-ng is _not_ affected
Vulnerability Type: buffer overflow in file(1) can be used by attacker
to execute arbitrary code under the privileges of
the user amavis runs as
Priority: urgent
Solution: upgrade to the latest version of file(1)
Author: Lars Hecking <lhe...@us...>
Advisory ID: ASA-2003-1
- ----------------------------------------------------------------------------
1. Problem description
Amavis uses the file(1) command to determine the type of files extracted from
email messages. The file(1) command contains a buffer overflow vulnerability
that can be leveraged by an attacker to execute arbitrary code under the
privileges of the user that runs amavis. In some amavis configurations, this
may be root. All versions of file(1) prior to 3.41 are presumed to be
vulnerable.
2. Impact
The vulnerability can be used to gain unauthorised access to the host that
runs amavis.
3. Solution
Download and install the latest version of file(1), 3.41, from
ftp://ftp.astron.com/pub/file/file-3.41.tar.gz.
For RedHat Linux, see
http://www.securityfocus.com/archive/1/314270/2003-03-04/2003-03-10/0
For Mandrake Linux, see
http://www.securityfocus.com/archive/1/314271/2003-03-04/2003-03-10/0
A patch for FreeBSD was suggested on the amavis-user mailing list:
http://marc.theaimsgroup.com/?l=amavis-user&m=104700245909563&w=2
We expect that all distributors of free UNIX(R)-like operating systems
will address the issue shortly.
4. Acknowledgement
The problem was first disclosed to the public by iDefense, see
http://www.securityfocus.com/archive/1/313837/2003-03-04/2003-03-10/0
5. References
http://www.amavis.org/security/asa-2003-1.txt
http://www.amavis.org/
6. Revision History
07/03/2003: Initial release
===========================================================================
|