VULHUB ™

AMaViS (A Mail Virus Scanner) decompresses mail encoded with Microsoft's TNEF compression scheme. Due to the implementation of this, a specially crafted compressed message could be designed to overwrite a file on the system with root access, for example /etc/passwd. AMaViS may run as root when used in conjunction with sendmail; it does not run as root with qmail, exim and postfix. See BugTraq ID 1450 for a related vulnerability.

AMaViS (A Mail Virus Scanner) decompresses mail encoded with Microsoft's TNEF compression scheme. Due to the implementation of this, a specially crafted compressed message could be designed to overwrite a file on the system with root access, for example /etc/passwd. AMaViS may run as root when used in conjunction with sendmail; it does not run as root with qmail, exim and postfix. See BugTraq ID 1450 for a related vulnerability.