Debian Security Advisory
nmh -- remote exploit in nmh
- Date Reported:
- 28 Feb 2000
- Affected Packages:
- nmh
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0196.
- More information:
- The version of nmh that was distributed in Debian GNU/Linux 2.1 (aka slink) did not check incoming mail messages properly. This could be exploited by using carefully designed MIME headers to trick mhshow into executing arbitrary shell code. This has been fixed in version 0.27-0.28-pre8-4. We recommend you upgrade your nmh package immediately.
- Fixed in:
-
- Source:
- http://security.debian.org/dists/slink/updates/source/nmh_0.27-0.28-pre8-4.diff.gz
- http://security.debian.org/dists/slink/updates/source/nmh_0.27-0.28-pre8-4.dsc
- http://security.debian.org/dists/slink/updates/source/nmh_0.27-0.28-pre8.orig.tar.gz
- alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/nmh_0.27-0.28-pre8-4_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/nmh_0.27-0.28-pre8-4_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/nmh_0.27-0.28-pre8-4_m68k.deb
- sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/nmh_0.27-0.28-pre8-4_sparc.deb