Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Slackware: buffer overflow in Mutt

Slackware: buffer overflow in Mutt

by Nikola Strahija on April 2nd, 2003 Several buffer overflows were found in the IMAP code of Mutt, which could allow denial of service and arbitrary code execution.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Mutt buffer overflow in IMAP support

The mutt mail client packages in Slackware 8.1 and 9.0 have been
upgraded to mutt-1.4.1i to fix a security problem discovered by
Core Security Technologies. This issue may allow a remote
attacker controlling a malicious IMAP server to execute code on
your machine as the user running mutt if you connect to the IMAP
server using mutt.

All sites running mutt are advised to upgrade.

More information on the problem can be found here:

http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Sat Mar 29 13:46:36 PST 2003
patches/packages/mutt-1.4.1i-i386-1.tgz: Upgraded to mutt-1.4.1i.
From www.mutt.org:
Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. These
releases both fix a buffer overflow identified by Core Security
Technologies. The only differences between 1.4 and 1.4.1 are bug
fixes. If you are currently using 1.4, it's probably a very good
idea to update.
(* Security fix *)
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mutt-1.4.1i-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mutt-1.4.1i-i386-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 package:
e39aa947e54ffe27b44f7f5a8c7d3eed mutt-1.4.1i-i386-1.tgz

Slackware 9.0 package:
cde2991aaa4d41fb82a983555b347e64 mutt-1.4.1i-i386-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade mutt using upgradepkg (as root):

upgradepkg mutt-1.4.1i-i386-1.tgz



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »