Home page logo
/

bugtraq logo Bugtraq mailing list archives

GLSA: mutt (200303-19)
From: Daniel Ahlberg <aliz () gentoo org>
Date: Sat, 22 Mar 2003 19:19:38 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-19
- - ---------------------------------------------------------------------

          PACKAGE : mutt
          SUMMARY : buffer overflow
             DATE : 2003-03-22 18:19 UTC
          EXPLOIT : local
VERSIONS AFFECTED : <1.4.1
    FIXED VERSION : >=1.4.1
              CVE : CAN-2003-0140

- - ---------------------------------------------------------------------

- From advisory:

"By controlling a malicious IMAP server and providing a specially 
crafted folder, an attacker can crash the mail reader and possibly 
force execution of arbitrary commands on the vulnerable system with 
the privileges of the user running Mutt."

Read the full advisory at:
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/mutt upgrade to mutt-1.4.1 as follows:

emerge sync
emerge mutt
emerge clean

- - ---------------------------------------------------------------------
aliz () gentoo org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+fKkyfT7nyhUpoZMRAkw6AKCmyIFHKpT4dpk4eafeuVw9M1zFZQCeI48z
7dK4rjkZJCsYlIk5Yk5Fd/c=
=acwA
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • GLSA: mutt (200303-19) Daniel Ahlberg (Mar 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault