SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Mutt Vendors:   Mutt.org
Mutt Index Menu Code Lets Remote Users Crash the Client
SecurityTracker Alert ID:  1009019
SecurityTracker URL:  http://securitytracker.com/id/1009019
CVE Reference:   CVE-2004-0078   (Links to External Site)
Date:  Feb 11 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network

Version(s): 1.4.1
Description:   A vulnerability was reported in Mutt. A remote user can cause the target user's mail client to crash and may be able to execute arbitrary code.

It is reported that there is a vulnerability in the index menu code in mutt. A remote user can send a specially crafted e-mail message to the target user that will cause the target user's mutt client to crash (segfault). It may be possible to execute arbitrary code, the report said.

The nature of the flaw was not disclosed.

Impact:   A remote user can cause the target user's mutt client to crash.

It may also be possible for a remote user to cause arbitrary code to be executed on the target user's system.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mutt.org/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 11 2004 (Red Hat Issues Fix for RH Enterprise Linux) Mutt Index Menu Code Lets Remote Users Crash the Client
Red Hat has issued a fix for Red Hat Enterprise Linux 3.
Feb 11 2004 (Red Hat Issues Fix for RH Linux) Mutt Index Menu Code Lets Remote Users Crash the Client
Red Hat has released a fix for Red Hat Linux 9.
Feb 11 2004 (Vendor Issues Fix) Mutt Index Menu Code Lets Remote Users Crash the Client
A fix is available.
Feb 12 2004 (Mandrake Issues Fix) Mutt Index Menu Code Lets Remote Users Crash the Client
Mandrake has released a fix.
Feb 12 2004 (Slackware Issues Fix) Mutt Index Menu Code Lets Remote Users Crash the Client
Slackware has released a fix.
Feb 13 2004 (Trustix Issues Fix) Mutt Index Menu Code Lets Remote Users Crash the Client
Trustix has released a fix.



 Source Message Contents

Subject:  CVE-2004-0078


Red Hat reported:

 > A bug was found in the index menu code in versions of mutt.  A remote
 > attacker could send a carefully crafted mail message that can cause mutt
 > to segfault and possibly execute arbitrary code as the victim.  The Common
 > Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
 > CAN-2004-0078 to this issue.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC