Metamail Corporation Metamail vulnerabilities

CVE-2006-0709 [HIGH] CVE-2006-0709: Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.

CVE-2004-1808 [LOW] CVE-2004-1808: Extcompose in metamail does not verify the output file before writing to it, which allows local user Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.

CVE-2004-0105 [HIGH] CVE-2004-0105: Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary co Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

CVE-2004-0104 [HIGH] CVE-2004-0104: Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

CVE-1999-1263 [LOW] CVE-1999-1263: Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message c Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.

CVE-1999-1261 [MEDIUM] CVE-1999-1261: Buffer overflow in Rainbow Six Multiplayer allows remote attackers to cause a denial of service, and Buffer overflow in Rainbow Six Multiplayer allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long nickname (nick) command.

CVE-1999-1266 [MEDIUM] CVE-1999-1266: rsh daemon (rshd) generates different error messages when a valid username is provided versus an inv rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.