COMMAND

    dtmail

SYSTEMS AFFECTED

    Solaris 2.6, 2.6_x86, 2.5.1, 2.5.1_x86, 2.5, 2.5_x86, 2.4, and
    2.4_x86 running CDE

PROBLEM

    The following is based on a Sun Microsystems Security Bulletin. The
    dtmail program is the mail user agent for the Common Desktop
    Environment (CDE). dtmail provides an intuitive, easy-to-use user
    interface for reading, sending, and managing electronic mail.
    Several buffer overflows have been found in dtmail in its handling
    of attachments. A remote attacker may exploit these
    vulnerabilities to execute arbitrary instructions with the
    privileges of mail and of the user reading the email.

SOLUTION

    Sun recommends that you install the respective patches immediately
    on affected systems:

        CDE Version         Patch ID
        -----------         --------
        1.2                 105338-14
        1.2_x86             105339-12
        1.0.2               104178-03
        1.0.2_x86           104185-03
        1.0.1               106920-01
        1.0.1_x86           106921-01
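
    Added example (not part of the Sun bulletin): a POSIX shell check
    that reads saved `showrev -p` output and reports whether the patch
    listed above for a given CDE version is present at the required
    revision or later. It assumes a higher revision of the same patch
    ID supersedes a lower one; the function names and the sample
    lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare collected `showrev -p` output with the patch
# table in this advisory. Usage: showrev -p | check_patch 1.2

# Minimum patch ID per CDE version (values taken from the table above).
required_patch() {
    case "$1" in
        1.2)       echo 105338-14 ;;
        1.2_x86)   echo 105339-12 ;;
        1.0.2)     echo 104178-03 ;;
        1.0.2_x86) echo 104185-03 ;;
        1.0.1)     echo 106920-01 ;;
        1.0.1_x86) echo 106921-01 ;;
        *)         return 1 ;;
    esac
}

# check_patch CDE_VERSION   (reads `showrev -p` output on stdin)
# Prints PATCHED, OUTDATED <highest installed>, MISSING or UNKNOWN_VERSION.
# Returns 0 only when the required revision (or a later one) is installed.
check_patch() {
    req=$(required_patch "$1") || { echo "UNKNOWN_VERSION"; return 2; }
    awk -v base="${req%-*}" -v min="${req#*-}" '
        $1 == "Patch:" {
            # $2 looks like 105338-14: patch base, then revision
            split($2, p, "-")
            if (p[1] == base && (!found || p[2] + 0 > max)) {
                max = p[2] + 0; found = 1
            }
        }
        END {
            if (!found)        { print "MISSING"; exit 1 }
            if (max < min + 0) { printf "OUTDATED %s-%02d\n", base, max; exit 1 }
            print "PATCHED"
        }'
}

# Constructed sample of `showrev -p` lines (package name is a placeholder).
sample_showrev() {
cat <<'EOF'
Patch: 105338-09 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 105338-14 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 104178-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
EOF
}
```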