A remote overflow exists in several mail user agents (MUAs). The MUAs fail to properly cope with tags that identify an attachment, resulting in a buffer overflow. With a specially crafted e-mail, an attacker can potentially execute arbitrary code resulting in a loss of confidentiality and/or integrity.

According to Netscape, this vulnerability does not apply to versions of Communicator for Windows or Macintosh.

Upgrade to the proper version depending on the MUA installed, according to the vendor advisories, as they have been reported to fix this vulnerability. An upgrade is required as there are no known client side workarounds.

Sendmail has implemented a patch that can be implemented as a workaround if used as an MTA. The patch is listed in the external references.

• ISS X-Force ID: 1217
• Bugtraq ID: 125
• CVE ID: 1999-0004 (see also: NVD)
• CERT VU: 5648
• CERT: CA-1998-10
• Vendor Specific Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/175
  http://wp.netscape.com/security/notes/details.html#8
• Generic Informational URL: http://www.sendmail.org/ftp/past-releases/sendmail.8.9.1a.patch.README
• CIAC Advisory: i-077b
• Microsoft Security Bulletin: MS99-008

• Ari Takanen and Marko Laakso - Oulu University Secure Programming Group