DSA-141-1 mpack -- buffer overflow

Debian Security Advisory

DSA-141-1 mpack -- buffer overflow

Date Reported:

01 Aug 2002

Affected Packages:

mpack

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 5385.
In Mitre's CVE dictionary: CVE-2002-1425.

More information:

Eckehard Berns discovered a buffer overflow in the munpack program which is used for decoding (respectively) binary files in MIME (Multipurpose Internet Mail Extensions) format mail messages. If munpack is run on an appropriately malformed email (or news article) then it will crash, and perhaps can be made to run arbitrary code.

Herbert Xu reported a second vulnerability which affected malformed filenames that refer to files in upper directories like "../a". The security impact is limited, though, because only a single leading "../" was accepted and only new files can be created (i.e. no files will be overwritten).

Both problems have been fixed in version 1.5-5potato2 for the old stable distribution (potato), in version 1.5-7woody2 for the current stable distribution (woody) and in version 1.5-9 for the unstable distribution (sid).

We recommend that you upgrade your mpack package immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2.dsc

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2.diff.gz

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_i386.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_m68k.deb

PowerPC:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_powerpc.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_sparc.deb

Debian GNU/Linux 3.0 (woody)

Source:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2.dsc

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2.diff.gz

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_ia64.deb

HP Precision:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.