Re: [hypermail] Hypermail Security Fixes

From: kent landfield <>
Date: Thu, 27 Feb 2003 13:35:21 -0600 (CST)
Message-Id: <>

It is also available from the main distribution site at

The file '' is always a link to the most current stable version.

Peter C. McCluskey writes:
> Version 2.1.7 is now available on Sourceforge:
>
> It should be understood that no known exploits exist at present for
> the security issues listed below. This proactive review of the code
> was taken to better secure hypermail. It is unclear whether any
> exploits were possible on a typical installation.
>
> Problems in utility programs other than the main Hypermail binary:
>
> Temp file race conditions were potentially possible in msg2archive.c
> and in mbox2hypermail.c (in the archive directory). They have been corrected.
>
> popen was used in the mail utility and the archive/msg2archive utility.
>
> msg2archive usage: The 'msg2archive' utility can be useful for archiving
> mail into mailboxes as well as calling hypermail. In order to be
> exploited, the administrator would have had to install it with special
> privileges (such as setuid) which has never been needed or suggested.
> The level of potential exposure is low. Nevertheless, the utility has
> been modified to better protect against abuse.
>
> Mail usage: The 'mail' utility was not installed by default and has not
> been for the last two years. In any case, the hypermail development
> team has determined that the 'mail' utility is a historic relic and
> will not be supplied in future versions. Its functionality has been
> replaced with a warning that anyone using it should remove it immediately.
>
> Security-related changes to the main Hypermail program:
>
> Fixed a possible buffer overflow with long filenames in uuencoded attachments.
> This appears to have been a risk only on systems where MAXPATHLEN or PATH_MAX
> was defined in system headers to be less than 1024.
>
> Disabled conversion of file:// into href - it seemed to allow anyone
> who could access the web server via localhost to read any file
> that the web server had permission to read rather than just files
> in the archive directory.
>
> Fixed and replaced various non-bound-checking code parts to
> avoid possible code execution or denial-of-service conditions.
>
> Replaced sprintfs with snprintfs to do bounds checking in places where it
> was hard to tell whether buffer overflows were possible.
>
> Limited the length of "Subject" and the like to avoid denial of service attacks
> while calling alloc.
>
> Changes unrelated to security:
>
> Fixed decoding of non-ASCII headers.
> Fixed append option (was discarding some lines).
> Fixed random core dumps with files_by_thread option.
> Fixed compile problems on SunOS and Alpha running TRU64.
>
> See the Changelog for further details.
>
> The Hypermail Development Team would like to greatly thank
> Thomas Biege <> for assisting us with this
> review.
> --
> ------------------------------------------------------------------------------
> Peter McCluskey |
> |

Kent Landfield             |  HYPERMAIL: 
Email:  |  RFCS:
Received on Thu 27 Feb 2003 10:20:48 PM GMT
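
Added example, not part of the original message and not hypermail's own code: a bounded way to build the output path for a uuencoded attachment, showing the class of fix the announcement describes (snprintf with a truncation check instead of sprintf into a PATH_MAX-sized buffer). The function name uu_attachment_path, the directory names and the sample lines are assumptions made for illustration, as is the rejection of '/' in the name.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: build "<dir>/<name>" for the file named on a
 * uuencode "begin <mode> <name>" line. Returns 0 on success, -1 if the
 * line is malformed, the name is unsafe, or the result would not fit
 * in out[outsz]. */
int uu_attachment_path(const char *line, const char *dir,
                       char *out, size_t outsz)
{
    unsigned mode;
    int off = 0, n;
    const char *name;
    size_t len;

    /* %n records where the file name starts; sscanf never copies the
     * name, so there is no fixed-size scan buffer to overflow. */
    if (sscanf(line, "begin %o %n", &mode, &off) != 1 || off == 0)
        return -1;
    name = line + off;
    len = strcspn(name, "\r\n");            /* drop the line ending */
    if (len == 0 || memchr(name, '/', len) != NULL)
        return -1;                          /* empty, or not a plain name */

    /* snprintf never writes past outsz and returns the length it needed,
     * so an over-long name is detected instead of overflowing out[]. */
    n = snprintf(out, outsz, "%s/%.*s", dir, (int)len, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void)
{
    char path[64];      /* deliberately small, standing in for a low PATH_MAX */
    /* Constructed sample line, not taken from a real message. */
    const char *line = "begin 644 report.txt\n";

    if (uu_attachment_path(line, "/var/archive", path, sizeof path) == 0)
        printf("would write %s\n", path);
    else
        printf("rejected\n");
    return 0;
}
```
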

This archive was generated by hypermail 2.3.0 : Sat 13 Mar 2010 03:46:12 AM GMT