20790 – tnef security vulnerability CVE-2017-6307, CVE-2017-6308, CVE-2017-6309, CVE-2017-6310.

Bug 20790 - tnef security vulnerability CVE-2017-6307, CVE-2017-6308, CVE-2017-6309, CVE-2017-6310.

Summary: tnef security vulnerability CVE-2017-6307, CVE-2017-6308, CVE-2017-6309, CVE...

Status:	RESOLVED DUPLICATE of bug 20343

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:

URL:	https://www.debian.org/security/2017/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-05-06 09:42 CEST by Zombie Ryushu
Modified:	2017-05-06 23:50 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	tnef
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2017-05-06 09:42:35 CEST

Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type "application/ms-tnef". Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious attachment. This would result in denial of service via application crash, or potential arbitrary code execution.

Zombie Ryushu 2017-05-06 09:43:46 CEST

URL: (none) => https://www.debian.org/security/2017/dsa-3798

Comment 1 Marja Van Waes 2017-05-06 23:50:14 CEST

Thanks for your concern, Zombie, but this already got fixed

*** This bug has been marked as a duplicate of bug 20343 ***

CC: (none) => marja11
Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.