Package: libgnumail-java
Version: 1.0
Severity: normal
Tags: security

CAN-2005-1105 describes a vulnerability in the JavaMail API:

  MimeBodyPart.getFileName () method in the JavaMail API doesn't properly 
  validate filename attribute in Content-Disposition header, which makes it 
  vulnerable to directory traversal attacks. Successful exploitation of 
  this vulnerability allows writing arbitrary content in any directory 
  accessible to the servlet running JavaMail.

  http://marc.theaimsgroup.com/?l=bugtraq&m=111335615600839&w=2

Multiple implementations of this API are vulnerable, including
libgnumail-java. Unless each program using libgnumail-java does its own
checks of the filename for directory traversal attacks, this lack of
sanity checking can allow overwriting of a user's files.

I think this security hole is fairly theoretical at the moment since it
seems only ant in Debian uses libgnumail-java, and it seems to only use
it to send mail.

-- 
see shy jo
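
The per-program filename check the report refers to, as an added example (not code from libgnumail-java, JavaMail or the advisory): it reduces an untrusted attachment name, such as the value returned by MimeBodyPart.getFileName(), to a single path component inside a save directory. The class name, method name, directory and sample names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeAttachmentName {

    // Map an untrusted attachment name (e.g. the value returned by
    // MimeBodyPart.getFileName()) to a path that is a direct child of saveDir.
    static Path resolve(Path saveDir, String untrusted) throws IOException {
        if (untrusted == null) {
            throw new IOException("attachment has no filename");
        }
        // Treat both separators as path delimiters, whatever the host OS is,
        // and keep only the last component.
        String name = untrusted.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1).trim();
        if (name.isEmpty() || name.equals(".") || name.equals("..")
                || name.indexOf('\0') >= 0) {
            throw new IOException("rejected attachment filename");
        }
        Path base = saveDir.toAbsolutePath().normalize();
        Path target = base.resolve(name).normalize();
        // Defence in depth: the result must still be directly inside saveDir.
        if (!base.equals(target.getParent())) {
            throw new IOException("attachment filename escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) {
        Path saveDir = Paths.get("attachments"); // hypothetical save directory
        // Constructed sample filename values, not taken from the advisory.
        String[] samples = { "report.pdf", "../../.bashrc", "..\\..\\x.txt",
                             "/etc/cron.d/job", ".." };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolve(saveDir, s));
            } catch (IOException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

Opening the returned path with StandardOpenOption.CREATE_NEW additionally refuses to replace a file that already exists in the save directory.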
