Signature Detail

SMTP: Metamail Header Format String 2

This signature detects SMTP messages with headers that contain format string errors. Metamail 2.7 and earlier versions are vulnerable. Because Metamail does not handle SMTP headers correctly, attackers can send maliciously crafted SMTP messages to execute arbitrary code at the same privilege level as the target (typically user). Note: Systems that typically carry non-English e-mail messages should not include this attack object in their Security Policy.

Extended Description

Metamail has been reported prone to multiple vulnerabilities that may provide for arbitrary code execution. Two buffer overflow vulnerabilities have been reported to affect Metamail. Additionally, two format string-handling vulnerabilities have been reported. These issues may also be exploited by a remote attacker to execute arbitrary code.

Affected Products

• Gentoo Linux 1.4.0
• Metamail 2.7.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux WS 2.1
• SGI ProPack 2.3.0
• SGI ProPack 2.4.0

References

• BugTraq: 9692
• CVE: CVE-2004-0104