VULHUB ™

SuSE Security Advisory - Tnef v0-124 and below contains a remote vulnerability. Tnef extracts eMails compressed with MS-Outlook. The compressed file includes the path name to which the decompressed data should be written. When specifing a path name like /etc/passwd and sending a compressed mail to root an adversary could gain remote root access to a system by overwriting the local password database. The same could happen if a mail virus scanner, like AMaVIS, process a malicious mail.

SuSE Security Advisory - Tnef v0-124 and below contains a remote vulnerability. Tnef extracts eMails compressed with MS-Outlook. The compressed file includes the path name to which the decompressed data should be written. When specifing a path name like /etc/passwd and sending a compressed mail to root an adversary could gain remote root access to a system by overwriting the local password database. The same could happen if a mail virus scanner, like AMaVIS, process a malicious mail.