Title: KDE KMail Long Attachment Filename Denial of Service Vulnerability
Severity: MODERATE
Description:
A buffer overflow vulnerability exists in versions of kmail, up to and including version 1.0.29.1. By sending an attachment with a filename in excess of approximately 250 bytes, it is possible to cause the mail recipient's kmail to crash. It is possible that this overflow could be further exploited to actually execute remote commands on the machine the mail is read on; this has not been demonstrated, however, and it appears to not be the case.
Affected Products:
- KDE kmail
- KDE kmail 1.0.24
- KDE kmail 1.0.25
- KDE kmail 1.0.26
- KDE kmail 1.0.27
- KDE kmail 1.0.28
- KDE kmail 1.0.29
- KDE kmail 1.0.29 .1
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
