Title: MNews Multiple Buffer Overflow Vulnerabilities
Severity: MODERATE
Description:
Mnews is a freely available, open source NNTP and mail client. It is designed to handle both Japanese and English character sets, and is available for the Unix and Linux operating systems.
It has been reported that MNews is vulnerable to several buffer overflow conditions. The vulnerability has been reported for MNews versions 1.22 and earlier.
MNews does not perform proper bounds checking several command line arguments. The commandline flags in question are user supplied values for the '-f', '-D', '-M', '-P' and '-n'. By supplying strings of arbitrary length in combination with one of these flags, an attacker could produce a potentially exploitable buffer overflow. This could result in local code execution on the vulnerable system, and potential elevated privileges.
As well, MNews does not perform proper bounds checking on the environment variables MAILSERVER and JNAMES. MNews performs unbounded string copying of the MAILSERVER and JNAMES environment variables to local buffers and excessively long values to the environment variables will cause the buffer overflow condition.
Affected Products:
- Matsushita Research MNews 1.2.2
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
