tnef 0-123 Mail Decoder File Overwrite Vulnerability

SuSE Linux versions 6.3 and 6.4 (and possibly other Linux distributions) came packaged with tnef, a package which extracts mail compressed by Microsoft Outlook. The compressed mail includes a path and filename to write the extracted message to. A malicious email could be crafted to overwrite any file, for example, /etc/passwd - the permissions to complete this action could be gained by mailing to root.


 

Privacy Statement
Copyright 2010, SecurityFocus