ListProc catmail has been reported prone to a buffer overflow vulnerability when handling a ULISTPROC_UMASK environment variable of excessive length. The issue is likely due to a lack of sufficient bounds checking when the contents of the ULISTPROC_UMASK environment variable are copied into an internal memory buffer. Ultimately, an attacker may exploit this vulnerability to execute arbitrary operation codes. Code execution would occur in the context of the ListProc catmail application, typically root. While this vulnerability has been reported to affect ListProc 8.2.09, other versions might also be affected.
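The bounds check the advisory describes as missing can be illustrated with a hardened reader for this variable. This is an added example, not ListProc's code: the function names, the four-digit length limit and the 077 fallback are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Longest accepted value: four octal digits such as "0077" (assumption). */
#define UMASK_MAX_DIGITS 4
/* Hypothetical fallback when the variable is unset or rejected. */
#define UMASK_DEFAULT 077

/*
 * Parse an octal umask string in place. Returns 0 and stores the mask in
 * *out on success, -1 on invalid input. The value is never copied into a
 * fixed-size buffer, so an over-long value is rejected instead of overflowing.
 */
int parse_umask_value(const char *value, mode_t *out)
{
    unsigned int mask = 0;
    size_t i;

    if (value == NULL || out == NULL || value[0] == '\0')
        return -1;
    for (i = 0; value[i] != '\0'; i++) {
        if (i >= UMASK_MAX_DIGITS)              /* over-long: reject */
            return -1;
        if (value[i] < '0' || value[i] > '7')   /* not an octal digit */
            return -1;
        mask = (mask << 3) | (unsigned int)(value[i] - '0');
    }
    if (mask > 0777)                            /* permission bits only */
        return -1;
    *out = (mode_t)mask;
    return 0;
}

/* Read ULISTPROC_UMASK from the environment, falling back to the default. */
mode_t umask_from_env(void)
{
    mode_t mask;

    if (parse_umask_value(getenv("ULISTPROC_UMASK"), &mask) != 0)
        return UMASK_DEFAULT;
    return mask;
}

int main(void)
{
    printf("effective umask: %03o\n", (unsigned int)umask_from_env());
    return 0;
}
```

A privileged program should treat every environment variable as untrusted input in this way, validating length and character set before the value is used.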