Vigil@nce: GNOME, buffer overflow of gmime
February 2010 by Vigil@nce
An attacker can use long data, in order to generate an overflow
when they are encoded with UUencode by gmime.
– Severity: 2/4
– Consequences: user access/rights, denial of service of client
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 05/02/2010
IMPACTED PRODUCTS
– Fedora
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The GNOME gmime library handles various MIME sections encodings:
– quoted printable
– base64
– UUencode
The GMIME_UUENCODE_LEN() macro defines the size of data encoded by
UUencode. However, the value returned by this macro is too short
of two bytes.
An attacker can therefore use long data, in order to generate an
overflow when they are encoded with UUencode by gmime, leading to
a denial of service and possibly to code execution.
CHARACTERISTICS
– Identifiers: BID-38078, CVE-2010-0409, FEDORA-2010-1429,
FEDORA-2010-1484, VIGILANCE-VUL-9409
– Url: http://vigilance.fr/vulnerability/GNOME-buffer-overflow-of-gmime-9409