PT-2019-15699 · Tnef+2

Paul Dreik · Published 2019-11-11 · Updated 2024-08-06 · CVE-2019-18849

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: tnef versions prior to 1.4.18
Description: The issue allows an attacker to potentially write to the victim's .ssh/authorized_keys file via a crafted winmail.dat application/ms-tnef attachment in an email message. This is due to a heap-based buffer over-read involving the strdup function.
Recommendations: For versions prior to 1.4.18, update to version 1.4.18 or later to resolve the issue. As a temporary workaround, consider restricting the handling of winmail.dat attachments to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3194
ALT-PU-2024-10571
CVE-2019-18849
DLA-2005-1
DLA-2748-1
MGASA-2019-0367
ROSA-SA-2023-2173
USN-4524-1

Affected Products

Alt Linux
Ubuntu
Tnef