Max Vozeler discovered a format string vulnerability in the “movemail” utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the “mail” group (since “movemail” is installed as “setgid mail”).
The problem can be corrected by updating your system to the following package versions:
7 February 2005
A security issue affects these releases of Ubuntu and its derivatives:
Max Vozeler discovered a format string vulnerability in the “movemail” utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the “mail” group (since “movemail” is installed as “setgid mail”).
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon