From owner-announce-jp@jp.freebsd.org  Mon Apr  3 10:25:12 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id KAA12763;
	Mon, 3 Apr 2000 10:25:12 +0900 (JST)
	(envelope-from owner-announce-jp@jp.FreeBSD.org)
Message-Id: <200004011832.DAA20339@mail.geocities.co.jp>
To: announce-jp@jp.freebsd.org
In-Reply-To: <20000320063145.8E1A037B528@hub.freebsd.org>
References: <20000320063145.8E1A037B528@hub.freebsd.org>
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sun, 02 Apr 2000 02:28:01 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
X-ML-maintainer: owner-announce-jp@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: announce-jp 411
Subject: Re: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:07.mh
 [REVISED]
Errors-To: owner-announce-jp@jp.freebsd.org
Sender: owner-announce-jp@jp.freebsd.org


 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:07.mh [REVISED]
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Sun, 19 Mar 2000 22:31:45 -0800 (PST)
  Message-Id: <20000320063145.8E1A037B528@hub.freebsd.org>
  X-Sequence: announce-jp 404

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,(B
 $B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
 $B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B,
 doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:07                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	mh/nmh/exmh/exmh2 ports allow remote execution of binary code

$BJ,N`(B:           ports
$B%b%8%e!<%k(B:     mh/nmh/exmh/exmh2
$B9pCNF|(B:         2000-03-15
$B2~D{F|(B:	        2000-03-19
$B1F6AHO0O(B:       $B=$@5F|0JA0$N(B Ports collection
$B=$@5F|(B:         [$B0J2<$K$"$k>\:Y$J5-=R$r$4Mw$/$@$5$$(B]
		4.0-RELEASE $B$G$O$9$Y$F=$@5:Q$_$G$9(B.
		mh: 2000-03-04
		nmh: 2000-02-29
		exmh: 2000-03-05
		exmh2: 2000-03-05
FreeBSD $B$K8GM-$+(B:   NO

I.   $BGX7J(B - Background

MH $B$*$h$S(B, $B$=$N8e7Q$G$"$k(B NMH $B$O(B, $B?M5$$N$"$k%a!<%k%f!<%6%(!<%8%'%s%H$G$9(B.  
$B$^$?(B, EXMH $B$H(B EXMH2 $B$O(B, TCL/TK $B$r4pK\$H$7$?(B MH $B%7%9%F%`$N%U%m%s%H%(%s%I$G$9(B.  
$BF|K\8lHG(B MH, EXMH2 $B$N(B port $B$bB8:_$7$^$9$,(B, $B$=$l$i$OJL8D$K3+H/$5$l$F$$$k$?$a(B, 
$B$3$3$G=R$Y$i$l$F$$$kLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

II.  $BLdBj$N>\:Y(B - Problem Description

MIME attachments ($BLuCm(B: $B$$$o$f$kE:IU%U%!%$%k$N$3$H(B.  
$B0J2<(B, attachments $B$r!VE:IU%U%!%$%k!W$HI=5-$7$^$9(B) $B$NI=<($K;HMQ$5$l$k(B
mhshow $B%3%^%s%I$K$O(B, $BFCJL$K$D$/$i$l$?%a!<%kE:IU%U%!%$%k$K$h$C$F(B
$B0-MQ$5$l$k2DG=@-$N$"$k%P%C%U%!%*!<%P%U%m!<LdBj$,B8:_$7$^$9(B.  
$B$=$N$?$a(B, $BE:IU%U%!%$%k$r3+$/:]$K(B, $B%m!<%+%k%f!<%6$N8"8B$G(B
$BG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9(B.  

mh/nmh/exmh/exmh2 $B$N(B ports $B$O(B, $B%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B, 
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.  
$B$=$l$i$O(B, 3100 $B$rD6$($k%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$,(B
$B$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD Ports Collection $B$N0lIt$G$9(B.  FreeBSD 4.0-RELEASE $B$K4^$^$l$k(B
Ports Collection $B$K$O(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$K(B
$BBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

$B967b<T$O%a!<%k%a%C%;!<%8$N0lIt$H$7$F0-0U$N$"$k(B MIME $BE:IU%U%!%$%k$rAw$j(B, 
$B$=$N%U%!%$%k$r3+$$$?%f!<%6$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9(B.  

mh/nmh/exmh/exmh2 $B$N(B ports $B$b$7$/$O(B packages $B$r0l$D$b%$%s%9%H!<%k$7$F$$$J$1$l$P(B, 
$B%7%9%F%`$K%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

$BF|K\8lHG(B MH $B$O3hH/$K3+H/$,B3$1$i$l$F$*$j(B, $B$3$NLdBj$O:rG/$N$&$A$K(B
$B=$@5$5$l$F$$$^$9(B.  $B$7$?$,$C$F(B, ja-mh $B$*$h$S(B ja-exmh2 $B$N(B port $B$O(B, 
$B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$OB8:_$7$J$$$H9M$($i$l$^$9(B.  

IV.  $BBP1~:v(B - Workaround

1) /usr/local/bin/mhshow $B$K$"$k(B mhshow $B$N%P%$%J%j%U%!%$%k$r:o=|$7$F$/$@$5$$(B.  
   $B$3$l$K$h$j(B, mh/nmh/exmh/exmh2 $B$G(B MIME $BE:IU%U%!%$%k$r(B
   $B1\Mw$9$k$3$H$O$G$-$J$/$J$j$^$9(B.  

2) mh/nmh/exmh/exmh2 $B$N(B ports $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O(B, 
   $B$=$l$i$r:o=|$7$F$/$@$5$$(B.  

V.   $B=$@5=hCV(B - Solution

$B1Q8lHG$N(B MH $B$O$b$O$d3hH/$J3+H/$,9T$J$o$l$F$$$J$$$?$a(B, $B8=:_$N$H$3$m(B
$B=$@5HG$OB8:_$7$^$;$s(B.  $B$^$?(B, $B>-MhE*$K=$@5HG$,3+H/$5$l$k$+$I$&$+$bITL@$G$9(B.  
$B$=$N$?$a(B, MH $B$rMxMQ$9$k$N$G$O$J$/(B, NMH $B$K99?7$9$k$3$H$r8!F$$7$F$/$@$5$$(B.  
NMH $B$O(B MH $B$N8e7Q$H$7$F@_7W$5$l$?%=%U%H%&%'%"$G$9(B.  EXMH $B$H(B EXMH2 $B$O(B, 
$BN>J}$H$b(B MH $B$NBe$o$j$K(B NMH $B$rMxMQ$7$F%3%s%Q%$%k$9$k$3$H$,$G$-$^$9(B($B8=:_$N(B
$B%G%U%)%k%H$b$=$&$J$C$F$$$^$9(B).  $B$^$?(B, NMH $B$r:F%$%s%9%H!<%k$7$?>l9g$K$O(B, 
$B%$%s%9%H!<%k8e$K(B EXMH/EXMH2 $B$r:F%3%s%Q%$%k$9$kI,MW$O$"$j$^$;$s(B.  

$B=$@5=hCV(B:
    mail/mh $B$b$7$/$O(B mail/nmh $B$N5l%P!<%8%g%s$N(B ports $B$r$9$Y$F:o=|$7(B, 
    $B<!$N$$$:$l$+$N<j=g$K=>$C$F$/$@$5$$(B.  

1) Ports Collection $BA4BN$r99?7$7$F(B, mail/nmh $B$N(B ports $B$r:F%3%s%Q%$%k$9$k(B.  

2) $B0J2<$N>l=j$+$i?7$7$$(B package $B$rF~<j$7$F%$%s%9%H!<%k$9$k(B.  

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz

3) $B0J2<$N>l=j$+$i(B nmh $B$N(B $B?7$7$$(B port $B%9%1%k%H%s$r%@%&%s%m!<%I$7(B, 
   $B$=$l$rMxMQ$7$F(B nmh $B$N(B port $B$r:F%3%s%Q%$%k$9$k(B.  

http://www.freebsd.org/ports/

4) The portcheckout utility can perform step (3) above automatically.
   portcheckout is available from /usr/ports/devel/portcheckout or from
   the following location:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
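The checks an administrator would want after reading the Workaround (IV) and Solution (V) sections, as an added example that is not part of the advisory or of the mh/nmh ports: a POSIX sh script that classifies a pkg_info(1)-style package listing against the ports named above and verifies workaround 1 by confirming that the mhshow binary is gone. It assumes that nmh-1.0.3, the package the advisory points to, is the fixed version; that ja-mh and ja-exmh2 are not affected (section III); and that exmh/exmh2 are only as safe as the MH/NMH they were built against (section V), so they are flagged for review rather than declared vulnerable. The package listing embedded in the script is constructed sample input, not output from a real system, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of FreeBSD-SA-00:07 or of the mh/nmh ports.
# Audits a pkg_info(1)-style package list (one "name-version" per line) for
# the ports named in the advisory and checks whether workaround 1 (removing
# the mhshow binary) has been applied.
#
# Assumptions: nmh-1.0.3 (the package the advisory points to) is the fixed
# version; ja-mh/ja-exmh2 are not affected; exmh/exmh2 are safe only when
# built against a fixed NMH, so they are reported as "check-nmh".

# Constructed sample listing; on a real system feed in the output of pkg_info.
SAMPLE_PKG_LIST='mh-6.8.4
nmh-1.0.2
ja-mh-6.8.4
exmh2-2.1.1
nmh-1.0.3
portcheckout-1.0'

# vercmp A B: prints -1, 0 or 1 comparing dotted numeric versions (1.0.2 < 1.0.3).
vercmp() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _x=${_x:-0}      # leading component, missing ones count as 0
        _y=${_b%%.*}; _y=${_y:-0}
        if [ "$_x" -lt "$_y" ]; then printf '%s\n' -1; return; fi
        if [ "$_x" -gt "$_y" ]; then printf '%s\n' 1; return; fi
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac   # drop the compared component
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    printf '%s\n' 0
}

# classify_pkg NAME-VERSION: prints vulnerable | fixed | check-nmh | not-affected | unrelated
classify_pkg() {
    _pkg=$1
    _name=${_pkg%-*}       # strip the trailing "-version"
    _ver=${_pkg##*-}
    case $_name in
        ja-mh|ja-exmh2) echo not-affected ;;   # separately developed, fixed last year (sec. III)
        mh)             echo vulnerable ;;     # no fixed English MH exists (sec. V)
        exmh|exmh2)     echo check-nmh ;;      # front ends: depends on the MH/NMH they use
        nmh)
            if [ "$(vercmp "$_ver" 1.0.3)" -lt 0 ]; then echo vulnerable; else echo fixed; fi ;;
        *)              echo unrelated ;;
    esac
}

# audit_pkg_list LIST: prints "package status" per line; returns 1 if anything is vulnerable.
audit_pkg_list() {
    _found=0
    for _p in $1; do
        _s=$(classify_pkg "$_p")
        echo "$_p $_s"
        [ "$_s" = vulnerable ] && _found=1
    done
    return $_found
}

# count_vulnerable LIST: prints the number of vulnerable packages in LIST.
count_vulnerable() {
    _n=0
    for _p in $1; do
        [ "$(classify_pkg "$_p")" = vulnerable ] && _n=$((_n + 1))
    done
    echo "$_n"
}

# mhshow_workaround_applied PATH: succeeds when no executable mhshow is at PATH
# (workaround 1 of the advisory).
mhshow_workaround_applied() {
    [ ! -x "$1" ]
}

# Stand-alone run over the constructed listing.
audit_pkg_list "$SAMPLE_PKG_LIST" || echo "ACTION: vulnerable packages listed above"
if mhshow_workaround_applied "${MHSHOW_PATH:-/usr/local/bin/mhshow}"; then
    echo "mhshow binary absent: workaround 1 applied"
else
    echo "mhshow binary present: apply workaround 1 or move to nmh-1.0.3"
fi
```

Run it on a FreeBSD host of that era as `pkg_info | sed 's/ .*//' | { audit_pkg_list "$(cat)"; }` after sourcing the functions, or set MHSHOW_PATH to check an mhshow installed under a different prefix. The version comparison is numeric per dotted component, so an nmh package older than 1.0.3 is always reported, and exmh/exmh2 are never silently passed because their safety depends on the MH or NMH underneath them, not on their own version.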

VI.   $B99?7MzNr(B - Revision history

v1.0  2000-03-15   Initial release
v1.1  2000-03-19   Update to note that the japanese-localized ports are not
                   vulnerable
