Description
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
Affected products
- altlinux / alt_linux2.3 – 2.3
- altlinux / alt_linux2.3 – 2.3
- gentoo / linux
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / fedora_corecore_3.0 – core_3.0
- RedHat / linux_advanced_workstation2.1 – 2.1
- RedHat / linux_advanced_workstation2.1 – 2.1
- sylpheed / sylpheed1.0.1 – 1.0.1
- sylpheed / sylpheed0.8.11 – 0.8.11
- sylpheed / sylpheed1.0.2 – 1.0.2
- sylpheed / sylpheed0.9.4 – 0.9.4
- sylpheed / sylpheed0.9.5 – 0.9.5
- sylpheed / sylpheed0.9.6 – 0.9.6
- sylpheed / sylpheed0.9.7 – 0.9.7
- sylpheed / sylpheed0.9.8 – 0.9.8
- sylpheed / sylpheed0.9.9 – 0.9.9
- sylpheed / sylpheed0.9.10 – 0.9.10
- sylpheed / sylpheed0.9.11 – 0.9.11
- sylpheed / sylpheed0.9.12 – 0.9.12
- sylpheed / sylpheed0.9.99 – 0.9.99
- sylpheed / sylpheed1.0.0 – 1.0.0
- sylpheed-claws / sylpheed-claws1.0.2 – 1.0.2
References
- MISChttp://sylpheed.good-day.net/changelog-devel.html.en
- MISChttp://securitytracker.com/id?1013376
- MISChttp://www.redhat.com/support/errata/RHSA-2005-303.html
- MISChttp://www.gentoo.org/security/en/glsa/glsa-200503-26.xml
- MISChttp://sylpheed.good-day.net/changelog.html.en
- VENDOR_ADVISORYhttp://secunia.com/advisories/14491