Category:   Application (E-mail Client)  >   Mutt
Vendors:   Mutt.org
Mutt E-mail Client Could Execute Malicious Code From a Compromised IMAP Mail Server
SecurityTracker Alert ID:  1001120
SecurityTracker URL:  http://securitytracker.com/id/1001120
CVE Reference:   CVE-2001-0473
Updated:  Apr 26 2004
Original Entry Date:  Mar 20 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): see description
Description:   CIAC warned of a vulnerability in the Mutt e-mail client, which is included with many Linux distributions, including Red Hat Linux. An attacker who has compromised an IMAP mail server could cause code to be executed by Mutt on the user's host.

CIAC Bulletin L-060 indicates that Mutt contains a "format string" vulnerability and a GSSAPI incompatibility. GSSAPI is a security interface.

CIAC reports that the Mutt packages included with Red Hat Linux 5.2, 6.0, and 6.1 are vulnerable and that the Mutt packages included with Red Hat Linux 6.2 and 7.0 have GSSAPI incompatibilities.

For the original CIAC bulletin, see: http://www.ciac.org/ciac/bulletins/l-060.shtml

Impact:   An attacker who has compromised an IMAP mail server could cause malicious code to be executed by Mutt on the user's host.
Solution:   See recommendations and directions in Red Hat's security advisory: http://www.redhat.com/support/errata/RHSA-2001-029.html
Vendor URL:  www.mutt.org
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
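
The advisory names the bug class (a "format string" error triggered by IMAP server text) but gives no code-level detail. The C sketch below is an added example, not Mutt's source: it shows the general unsafe pattern as a comment, the hardened form, and a small audit helper. All function names and the sample server response are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: text a hostile IMAP server could place in a response. */
static const char SAMPLE_RESPONSE[] = "a001 NO login failed %x%x%n";

/* Unsafe pattern (shown only as a comment, never compiled):
 *     snprintf(out, outlen, server_text);
 * server_text becomes the format, so the server's '%' directives are obeyed. */

/* Hardened pattern: the format is a constant; server text is only data. */
static int show_server_text(char *out, size_t outlen, const char *server_text)
{
    return snprintf(out, outlen, "%s", server_text);
}

/* Hypothetical printf-style helper. The GCC/Clang attribute makes the compiler
 * check each call's format argument, so -Wformat-security can flag a caller
 * that passes untrusted text as fmt with no further arguments. */
__attribute__((format(printf, 3, 4)))
static int status_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Audit helper: count conversion directives in untrusted text ("%%" is skipped). */
static int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

int main(void)
{
    char buf[128];
    show_server_text(buf, sizeof buf, SAMPLE_RESPONSE);
    puts(buf);
    status_message(buf, sizeof buf, "IMAP server said: %s", SAMPLE_RESPONSE);
    printf("%s (%d directives)\n", buf, count_format_directives(SAMPLE_RESPONSE));
    return 0;
}
```
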

Message History:   None.


 Source Message Contents

Subject:  CIAC Bulletin L-060: Mutt Format String Vulnerability and Incompatibility



[ For Public Release ]

-----BEGIN PGP SIGNED MESSAGE-----

             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

              Mutt Format String Vulnerability and Incompatibility

March 19, 2001 19:00 GMT                                          Number L-060
______________________________________________________________________________
PROBLEM:       Mutt, a program for reading electronic mail, has a "format 
               string" vulnerability and a GSSAPI incompatibility. 
PLATFORM:      Red Hat Linux 5.2, 6.0, and 6.1 are vulnerable.
               Red Hat Linux 6.2 and 7.0 have GSSAPI incompatibilities.
DAMAGE:        The "format string" vulnerability could allow a compromised or 
               malicious IMAP server to execute code on the local machine. 
SOLUTION:      Apply the patches as directed. 
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. The vulnerability has been discussed in 
               public forums and can allow a server to execute code on the 
               local machine.
______________________________________________________________________________

http://www.ciac.org/ciac/bulletins/l-060.shtml
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
                        (or http://ciac.llnl.gov -- they're the same machine)
   Anonymous FTP:       ftp.ciac.org
                        (or ciac.llnl.gov -- they're the same machine)

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

L-050: Microsoft Outlook VCard Unchecked Buffer Vulnerability
L-051: Microsoft "Windows 2000 Event Viewer" Vulnerability
L-052: Cisco IOS Software SNMP Read-Write ILMI Community String
L-053: Cisco IOS Software TCP Initial Sequence Number Improvements
L-054: Microsoft IIS and Exchange Malformed URL Denial of Service
L-055: pcAnywhere Denial of Service, abnormal server connection
L-056: The Naked Wife (W32.Naked@mm) Trojan
L-057: Kerberos /tmp Root Vulnerability
L-058: HPUX Sec. Vulnerability asecure
L-059: Microsoft IIS WebDAV Denial of service Vulnerability

