SecurityTracker.com
Category:   Application (E-mail Client)  >   Mutt
Vendors:   Mutt.org
(Debian Issues Fix) Mutt E-mail Client Buffer Overflow May Let Remote Users Cause Arbitrary Commands to Be Executed on the Mutt User's Host
SecurityTracker Alert ID:  1003090
SecurityTracker URL:  http://securitytracker.com/id/1003090
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 2 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): mutt-1.2.5 and 1.3.24 and prior releases
Description:   A buffer overflow vulnerability was reported in the Mutt e-mail client that may allow remote users to cause arbitrary commands to be executed by another user's Mutt e-mail client.

It is reported that this vulnerability is remotely exploitable. The bug is apparently due to a one-byte buffer overflow. No other details on the vulnerability were provided.

Impact:   A remote user may be able to create an e-mail message that, when viewed by another user with the Mutt client, will cause arbitrary commands to be executed by the Mutt client with the privileges of the user running Mutt.
Solution:   The vendor has released a fix for Debian GNU/Linux 2.2 alias potato. Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At this moment packages for sparc are not yet available.

Source archives:
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.diff.gz
MD5 checksum: 04f7c13c3bf6a1d4fcb4bf1a594522a1
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.dsc
MD5 checksum: 0ba73a6dd8029339329c27b56087ebce
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5.orig.tar.gz
MD5 checksum: 0ba5367059abdd55daceb82dce6be42f

Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/mutt_1.2.5-5_alpha.deb
MD5 checksum: b206557565607833551219ff67737cd4

ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/mutt_1.2.5-5_arm.deb
MD5 checksum: 57c0c2602c3bfde3f459f01515432eac

Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/mutt_1.2.5-5_i386.deb
MD5 checksum: d72fa58b0914762674648a68d410b4b9

Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/mutt_1.2.5-5_m68k.deb
MD5 checksum: 266c451cee06693e7f40917b0465981a

PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mutt_1.2.5-5_powerpc.deb
MD5 checksum: aec60dae6148ac9da29c111e70ea77b0

These packages will be moved into the stable distribution on its next revision.

For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/

See the Source Message for the vendor's advisory containing directions on how to apply the appropriate fix.
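
The vendor's advisory pairs each package URL with an MD5 checksum and installs with `wget` and `dpkg -i`. The script below is an added example, not part of the Debian advisory or the SecurityTracker entry: it parses those URL/checksum pairs from a saved copy of the advisory and checks downloaded files against them before installation. The function names and the saved-advisory file are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against the
# "URL / MD5 checksum:" pairs in a saved copy of the advisory text.
# Usage: verify_downloads advisory.txt ./downloads && dpkg -i ./downloads/file.deb

# parse_advisory: advisory text on stdin -> "md5  filename" lines on stdout.
parse_advisory() {
    awk '
        { gsub(/\r/, "") }                      # tolerate CRLF mail copies
        /^[ \t]*(http|ftp):\/\// {              # a package URL line
            sub(/^[ \t]+/, ""); url = $0; next
        }
        /MD5 checksum:/ && url != "" {          # checksum for the URL above
            if (length($NF) == 32 && $NF ~ /^[0-9a-f]+$/) {
                n = split(url, parts, "/")
                print $NF "  " parts[n]
            }
            url = ""
        }
    '
}

# verify_downloads ADVISORY DIR: check every listed file that exists in DIR.
# Succeeds only if at least one file was checked and none mismatched.
verify_downloads() {
    advisory=$1 dir=$2 checked=0 bad=0
    list=$(parse_advisory < "$advisory")
    while read -r want name; do
        [ -f "$dir/$name" ] || continue         # not downloaded: skip
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

The checksums are only as trustworthy as the advisory text itself, so check the advisory's PGP signature before relying on them; MD5 on its own no longer resists deliberate collisions.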

Vendor URL:  www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
Cause:   Boundary error
Underlying OS:   Linux (Debian)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 2 2002 Mutt E-mail Client Buffer Overflow May Let Remote Users Cause Arbitrary Commands to Be Executed on the Mutt User's Host



 Source Message Contents

Date:  Wed, 2 Jan 2002 18:38:43 +0100
Subject:  [SECURITY] [DSA-096-1] mutt buffer overflow


-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory DSA-096-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
January  2, 2002
- ------------------------------------------------------------------------


Package        : mutt
Problem type   : buffer overflow
Debian-specific: no

Joost Pol found a buffer overflow in the address handling code of
mutt (a popular mail user agent). Even though this is a one byte
overflow this is exploitable.

This has been fixed upstream in version 1.2.5.1 and 1.3.25. The
relevant patch has been added to version 1.2.5-5 of the Debian
package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  At this moment packages for sparc are not yet available.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.diff.gz
      MD5 checksum: 04f7c13c3bf6a1d4fcb4bf1a594522a1
    http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.dsc
      MD5 checksum: 0ba73a6dd8029339329c27b56087ebce
    http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5.orig.tar.gz
      MD5 checksum: 0ba5367059abdd55daceb82dce6be42f

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/mutt_1.2.5-5_alpha.deb
      MD5 checksum: b206557565607833551219ff67737cd4

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/mutt_1.2.5-5_arm.deb
      MD5 checksum: 57c0c2602c3bfde3f459f01515432eac

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/mutt_1.2.5-5_i386.deb
      MD5 checksum: d72fa58b0914762674648a68d410b4b9

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/mutt_1.2.5-5_m68k.deb
      MD5 checksum: 266c451cee06693e7f40917b0465981a

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/mutt_1.2.5-5_powerpc.deb
      MD5 checksum: aec60dae6148ac9da29c111e70ea77b0

  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPDNFlajZR/ntlUftAQHLowMAlDOIzMX02myWrdk4h487ZxhPBK86i47O
C8cDu9p4O4+39HkZNU+YNQs3+wZT5JaYnrBBiYryjDDqxXhzMDwbKYv534QuNZH9
t/1AsqUXp+veutwpWXuFT742TwsiCtW4
=xDVb
-----END PGP SIGNATURE-----

