Vulnerability Note VU#5648
Buffer Overflows in various email clients
Buffer overflows in the handling of several MIME headers affect a large number of electronic mail clients.
A variety of electronic mail clients (circa 1998) are vulnerable to buffer overflow attacks in the code that processes MIME headers. See the vendor statements referenced below for details specific to each mail client.
An intruder can crash vulnerable mail clients, or use them to execute arbitrary code with the privileges of the user reading the mail.
Fixing the problem requires modifying each email client with an appropriate patch from the vendor.
There are several things that can be done to mitigate the risk if a patch cannot be installed.
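The class of bug described above, as an added C example (not code from this note or from any vendor's patch): a value taken from a MIME header has its length checked against the destination buffer before it is copied, and over-long values are rejected. `mime_param`, `PARAM_MAX` and the use of a `name` parameter on a `Content-Type` line are assumptions chosen for illustration; the sample header is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define PARAM_MAX 64   /* assumed size of the client's fixed-size buffer */

/* Unsafe pattern: char buf[PARAM_MAX]; strcpy(buf, value);
 * The sender controls the value's length, so a long header overruns buf. */

/* Case-insensitive match of the first n bytes of a against b. */
static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!a[i] || tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Copy parameter `name` of a MIME header line into out (outsz bytes).
 * Returns the value length, -1 if absent or malformed, -2 if the value
 * does not fit: it is rejected, never truncated or copied unchecked. */
int mime_param(const char *header, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = header, *end;
    if (outsz == 0) return -2;
    out[0] = '\0';
    while ((p = strchr(p, ';')) != NULL) {
        p++; while (*p == ' ' || *p == '\t') p++;
        if (!ieq_n(p, name, nlen) || p[nlen] != '=') continue;
        p += nlen + 1;
        if (*p == '"') {                       /* quoted-string value */
            if ((end = strchr(++p, '"')) == NULL) return -1;
        } else {                               /* bare token value */
            end = p + strcspn(p, "; \t\r\n");
        }
        if ((size_t)(end - p) >= outsz) return -2;  /* length check before copy */
        memcpy(out, p, (size_t)(end - p));
        out[end - p] = '\0';
        return (int)(end - p);
    }
    return -1;
}

int main(void)
{
    char out[PARAM_MAX];   /* header below is a constructed sample */
    int n = mime_param("Content-Type: text/plain; name=\"notes.txt\"", "name", out, sizeof out);
    printf("%d %s\n", n, out);
    return 0;
}
```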
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett-Packard Company | Affected | - | 20 Sep 2001 |
| Microsoft Corporation | Affected | - | 20 Sep 2001 |
| Mutt | Affected | - | 20 Sep 2001 |
| NetBSD | Affected | - | 07 Aug 1998 |
| Sun Microsystems Inc. | Affected | - | 07 Aug 1998 |
| The SCO Group (SCO Linux) | Affected | - | 20 Sep 2001 |
| Eric Allman | Not Affected | - | 20 Sep 2001 |
| Fujitsu | Not Affected | - | 07 Aug 1998 |
| NCR | Not Affected | - | 07 Aug 1998 |
| OpenBSD | Not Affected | - | 20 Sep 2001 |
| Pegasus Mail | Not Affected | - | 11 Aug 1998 |
| QUALCOMM | Not Affected | - | 07 Aug 1998 |
| Data General | Unknown | - | 07 Aug 1998 |
| Lotus Software | Unknown | 07 Aug 1998 | 28 Aug 2000 |
| The SCO Group (SCO UnixWare) | Unknown | - | 07 Aug 1998 |
This document was written by Shawn V Hernan.
- CVE IDs: Unknown
- CERT Advisory: CA-1998-10
- Date Public: 27 Jul 98
- Date First Published: 20 Sep 2001
- Date Last Updated: 11 Apr 2003
- Severity Metric: 81.00
- Document Revision: 6