|
DESCRIPTION An exploitable buffer overflow has been found in the "mhshow" program, which is part of the "nmh" package. The "nmh" package includes a number of utilities for sending and receiving email. The "mhshow" is used to display messages in MIME format. By sending a message with particular MIME headers, an attacker could cause "mhshow" to execute code as the user, if the user's mail program is configured to use "mhshow". SOLUTION Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help. Required packages http://www.netwinder.org/updates/3.1-15/armv4l/nmh-1.0.3-6x.armv4l.rpm Optional packages http://www.netwinder.org/updates/3.1-15/3.1-15/SRPMS/nmh-1.0.3-6x.src.rpm REFERENCES BugTraq (Ruud de Rooij) http://www.securityfocus.com/vdb/bottom.html?vid=1018 |