FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tnef -- An attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message

Affected packages
tnef < 1.4.18

Details

VuXML ID 776aaafc-939f-11ef-87ad-a8a15998b5cb
Discovery 2019-11-11
Entry 2024-10-26

cve@mitre.org reports:

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

[source]

References

CVE Name CVE-2019-18849
URL https://nvd.nist.gov/vuln/detail/CVE-2019-18849

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.