SecurityTracker.com
Category:   Application (E-mail Client)  >   Mutt
Vendors:   Mutt.org
(Debian Issues Fix for Sparc Platform) Mutt E-mail Client Buffer Overflow May Let Remote Users Cause Arbitrary Commands to Be Executed on the Mutt User's Host
SecurityTracker Alert ID:  1003093
SecurityTracker URL:  http://securitytracker.com/id/1003093
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 3 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): mutt-1.2.5 and 1.3.24 and prior releases
Description:   A buffer overflow vulnerability was reported in the Mutt e-mail client that may allow remote users to cause arbitrary commands to be executed by another user's Mutt e-mail client.

It is reported that this vulnerability is remotely exploitable. The bug is apparently due to a one-byte buffer overflow. No other details on the vulnerability were provided.

Impact:   A remote user may be able to create an e-mail message that, when viewed by another user with the Mutt client, will cause arbitrary commands to be executed by the Mutt client with the privileges of the user running Mutt.
Solution:   The vendor has released a fix for the Sparc platform for Debian GNU/Linux 2.2 alias potato.

Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/mutt_1.2.5-5_sparc.deb
MD5 checksum: 8bb33cd0efac0aeb345e87d58188e905

These packages will be moved into the stable distribution on its next revision.

See the Source Message for the vendor's advisory containing directions on how to apply the appropriate fix.
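
The advisory publishes an MD5 checksum next to the package URL; the following added example (not part of the advisory or of Debian's tooling) reads that pair out of the saved advisory text and refuses to report success unless the downloaded file matches. The function names and the file name advisory.txt are assumptions, md5sum and awk must be installed, and the check is only as trustworthy as the advisory itself, so verify its PGP signature first.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a downloaded .deb against the
# MD5 checksum listed in the advisory text before handing it to dpkg.

# advisory_md5 ADVISORY PACKAGE
# Print the checksum on the "MD5 checksum:" line that follows the URL whose
# last path component is PACKAGE. Prints nothing if PACKAGE is not listed.
advisory_md5() {
    awk -v pkg="$2" '
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); current = p[n]; next }
        /MD5 checksum:/ && current == pkg { print tolower($NF); exit }
    ' "$1"
}

# verify_package ADVISORY FILE
# 0 = digest matches, 1 = mismatch, 2 = not listed, 3 = file unreadable.
verify_package() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 3; }
    expected=$(advisory_md5 "$1" "$(basename "$2")")
    [ -n "$expected" ] || { echo "not listed in advisory: $2" >&2; return 2; }
    actual=$(md5sum "$2" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $2: expected $expected, got $actual" >&2
        return 1
    fi
    echo "OK: $2"
}

# demo: constructed sample data, laid out like the advisory's package list.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample package\n' > "$dir/sample_1.0_sparc.deb"
    sum=$(md5sum "$dir/sample_1.0_sparc.deb" | awk '{ print $1 }')
    printf '  Sun Sparc architecture:\n    http://mirror.example/%s\n      MD5 checksum: %s\n' \
        sample_1.0_sparc.deb "$sum" > "$dir/advisory.txt"
    verify_package "$dir/advisory.txt" "$dir/sample_1.0_sparc.deb"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Real use, after saving the advisory text as advisory.txt:
#   verify_package advisory.txt mutt_1.2.5-5_sparc.deb && dpkg -i mutt_1.2.5-5_sparc.deb
```

MD5 is no longer collision-resistant, so on current systems prefer the signed repository metadata that apt checks automatically over a hand-compared MD5.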

Vendor URL:  www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
Cause:   Boundary error
Underlying OS:   Linux (Debian)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 2 2002: Mutt E-mail Client Buffer Overflow May Let Remote Users Cause Arbitrary Commands to Be Executed on the Mutt User's Host



 Source Message Contents

Date:  Thu, 3 Jan 2002 01:29:31 +0100
Subject:  [SECURITY] [DSA-096-2] mutt buffer overflow, sparc update


-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory DSA-096-2                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
January  3, 2002
- ------------------------------------------------------------------------


Package        : mutt
Problem type   : buffer overflow
Debian-specific: no

The sparc binary for the mutt security fix described in DSA-096-1
is now available.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/mutt_1.2.5-5_sparc.deb
      MD5 checksum: 8bb33cd0efac0aeb345e87d58188e905

  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPDOl5ajZR/ntlUftAQF3qwL/as2DEB1BgdCAPLv+eT9tXbpjEBYe4Z8x
F1/1JgFF4DFox1clmAGxYRFDlo8q8Yo50aR+yhcJxc2/Y53a3KDiTWBI+hAbnGTI
VRsHMEHvY/mSisfBiqQJTtyob+lwhXE5
=1Y6t
-----END PGP SIGNATURE-----



Copyright 2014, SecurityGlobal.net LLC