[Full-Disclosure] GLSA: mutt (200303-19)

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 03/22/03

  • Next message: Georgi Guninski: "Re: [Full-Disclosure] CERT: Vulnerability in web redirectors"
    From: Daniel Ahlberg <aliz@gentoo.org>
    To: full-disclosure@lists.netsys.com
    Date: Sat, 22 Mar 2003 19:19:40 +0100
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - ---------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200303-19
    - - ---------------------------------------------------------------------

              PACKAGE : mutt
              SUMMARY : buffer overflow
                 DATE : 2003-03-22 18:19 UTC
              EXPLOIT : local
    VERSIONS AFFECTED : <1.4.1
        FIXED VERSION : >=1.4.1
                  CVE : CAN-2003-0140

    - - ---------------------------------------------------------------------

    - From advisory:

    "By controlling a malicious IMAP server and providing a specially 
    crafted folder, an attacker can crash the mail reader and possibly 
    force execution of arbitrary commands on the vulnerable system with
    the privileges of the user running Mutt."

    Read the full advisory at:
    http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    net-mail/mutt upgrade to mutt-1.4.1 as follows:

    emerge sync
    emerge mutt
    emerge clean

    - - ---------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
    - - ---------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+fKkyfT7nyhUpoZMRAkw6AKCmyIFHKpT4dpk4eafeuVw9M1zFZQCeI48z
    7dK4rjkZJCsYlIk5Yk5Fd/c=
    =acwA
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Georgi Guninski: "Re: [Full-Disclosure] CERT: Vulnerability in web redirectors"

    Relevant Pages

    • GLSA: mutt (200303-19)
      ... the privileges of the user running Mutt." ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Bugtraq)
    • [Full-Disclosure] GLSA: netscape-flash (200303-9)
      ... GENTOO LINUX SECURITY ANNOUNCEMENT 200303-9 ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge netscape-flash ...
      (Full-Disclosure)
    • [Full-Disclosure] GLSA: man (200303-13)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Full-Disclosure)
    • GLSA: eterm (200303-1)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge -u eterm ...
      (Bugtraq)
    • GLSA: vte (200303-2)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge -u vte ...
      (Bugtraq)