Subject: Caldera Security Advisory SA-1998.23: Various security holes in metamail

Topic: Various security holes in metamail.
Advisory issue date: 24-July-1998

I. Problem Description

II. Impact

Description: metamail passes information obtained from a MIME message to various csh scripts. These csh scripts do not properly guard this data from being expanded by the shell. In this fashion, specially crafted MIME messages could be used to execute arbitrary commands on a remote host under the account of the receiving user.

Vulnerable Systems: OpenLinux 1.0, 1.1, & 1.2 systems using metamail packages prior to metamail-2.7-9.

III. Solution

Correction: The proper solution is to upgrade to the metamail-2.7-9 packages. Note that this release entirely removes any of the previous metamail csh scripts from your system.

The packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

The corresponding source code can be found at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

The MD5 checksums (from the "md5sum" command) for these packages are:

    73e284b5d3a2cabb78f9efd60de8bf25  RPMS/metamail-2.7-9.i386.rpm
    f5e57ac9acbbc365ad2d80c00f2f1aa0  SRPMS/metamail-2.7-9.src.rpm

Upgrade with the following commands:

    rpm -q metamail && rpm -U metamail-2.7-9.i386.rpm

IV. References

This and other Caldera security resources are located at:

    http://www.caldera.com/news/security/index.html

This security fix closes Caldera's internal Problem Report 4057.

V. PGP Signature

This message was signed with the PGP key for security@caldera.com.

This key can be obtained from:

    ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:

    /OpenLinux/pgp-keys/

$Id: SA-1998.23.txt,v 1.3 1998/07/24 13:04:02 rf Exp $
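
The class of bug described in section II, as an added example that is not part of Caldera's advisory and is not metamail's code: written in POSIX sh rather than csh, it contrasts an unquoted expansion, where the shell re-interprets a message field, with quoting plus an allowlist that keeps the field as data. The function names, the /tmp/mm directory and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example (not metamail code): treating a MIME parameter as data in a
# POSIX sh handler. All names and sample values here are constructed.
LC_ALL=C; export LC_ALL   # make the A-Z/a-z/0-9 ranges below byte-exact

# Weak pattern, shown only for contrast: an unquoted expansion lets the shell
# re-split (and glob) the value, so one header field becomes several words.
argc_unquoted() {
    # shellcheck disable=SC2086
    set -- $1
    echo "$#"
}

# Corrected pattern: a quoted expansion always yields exactly one argument.
argc_quoted() {
    set -- "$1"
    echo "$#"
}

# Allowlist check for a value taken from a message header. Returns 0 only for
# a non-empty name made of letters, digits, '.', '_' and '-' that does not
# start with '.' (hidden file) or '-' (would be parsed as an option).
is_safe_param() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the output path for an attachment. The untrusted value is only used
# inside double quotes and is never handed to eval or a second shell.
attachment_path() {
    dir=$1
    name=$2
    if is_safe_param "$name"; then
        printf '%s/%s\n' "$dir" "$name"
    else
        # Fall back to a fixed name instead of using text from the message.
        printf '%s/%s\n' "$dir" "attachment.bin"
    fi
}

# Constructed sample values, as a handler might receive them from a message.
for name in 'report.txt' 'report.txt extra words' '../notes.txt' 'a;b'; do
    printf '%-24s -> %s\n' "$name" "$(attachment_path /tmp/mm "$name")"
done
```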