An exploitable buffer overflow exists in Hypermail's main program, hypermail, and in Hypermail's CGI program, mail.
The overflow in hypermail can be exploited by sending e-mails to the program, depending on hypermail's configuration. The overflow in mail can be exploited by setting up a DNS server with rogue data and then surfing to the CGI program.
Known vulnerable versions of Hypermail are 2.1.3, 2.1.4 and 2.1.5. Version 2.1.6 is not affected.
An upgrade is available from the vendor's Web site.