Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Gentoo 200303-19: buffer overflow in mutt

Gentoo 200303-19: buffer overflow in mutt

by Nikola Strahija on March 23rd, 2003 A buffer overflow exist in the IMAP client code of the mail user agent Mutt. It is possible for a remote attacker to run arbitrary commands with the privileges of the user running Mutt.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-19
- - ---------------------------------------------------------------------

PACKAGE : mutt
SUMMARY : buffer overflow
DATE : 2003-03-22 18:19 UTC
EXPLOIT : local
VERSIONS AFFECTED : <1.4.1
FIXED VERSION : >=1.4.1
CVE : CAN-2003-0140

- - ---------------------------------------------------------------------

- From advisory:

"By controlling a malicious IMAP server and providing a specially
crafted folder, an attacker can crash the mail reader and possibly
force execution of arbitrary commands on the vulnerable system with
the privileges of the user running Mutt."

Read the full advisory at:
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/mutt upgrade to mutt-1.4.1 as follows:

emerge sync
emerge mutt
emerge clean

- - ---------------------------------------------------------------------
[email protected] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+fKkyfT7nyhUpoZMRAkw6AKCmyIFHKpT4dpk4eafeuVw9M1zFZQCeI48z
7dK4rjkZJCsYlIk5Yk5Fd/c=
=acwA
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »