(Debian Issues Fix for Sparc Platform) Mutt E-mail Client Buffer Overflow May Let Remote Users Cause Arbitrary Commands to Be Executed on the Mutt User's Host
|
|
SecurityTracker Alert ID: 1003093 |
|
SecurityTracker URL: http://securitytracker.com/id/1003093
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Jan 3 2002
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): mutt-1.2.5 and 1.3.24 and prior releases
|
Description:
A buffer overflow vulnerability was reported in the Mutt e-mail client that may allow remote users to cause arbitrary commands to be executed by another user's Mutt e-mail client.
It is reported that this vulnerability is remotely exploitable. The bug is apparently due to a one-byte buffer overflow. No other details on the vulnerability were provided.
|
Impact:
A remote user may be able to create an e-mail message that, when viewed by another user with the Mutt client, will cause arbitrary commands to be executed by the Mutt client with the privileges of the user running Mutt.
|
Solution:
The vendor has released a fix for the Sparc platform for Debian GNU/Linux 2.2 alias potato.
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/mutt_1.2.5-5_sparc.deb
MD5 checksum: 8bb33cd0efac0aeb345e87d58188e905
These packages will be moved into the stable distribution on its next revision.
See the Source Message for the vendor's advisory containing directions on how to apply the appropriate fix.
|
Vendor URL: www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
|
Cause:
Boundary error
|
Underlying OS:
Linux (Debian)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 3 Jan 2002 01:29:31 +0100
Subject: [SECURITY] [DSA-096-2] mutt buffer overflow, sparc update
|
-----BEGIN PGP SIGNED MESSAGE-----
- ------------------------------------------------------------------------
Debian Security Advisory DSA-096-2 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
January 3, 2002
- ------------------------------------------------------------------------
Package : mutt
Problem type : buffer overflow
Debian-specific: no
The sparc binary for the mutt security fix described in DSA-096-1
is now available.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/mutt_1.2.5-5_sparc.deb
MD5 checksum: 8bb33cd0efac0aeb345e87d58188e905
These packages will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- --
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBPDOl5ajZR/ntlUftAQF3qwL/as2DEB1BgdCAPLv+eT9tXbpjEBYe4Z8x
F1/1JgFF4DFox1clmAGxYRFDlo8q8Yo50aR+yhcJxc2/Y53a3KDiTWBI+hAbnGTI
VRsHMEHvY/mSisfBiqQJTtyob+lwhXE5
=1Y6t
-----END PGP SIGNATURE-----