[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] remote vulnerability in mutt

To: linux-security@sfu.ca
Subject: [linux-security] remote vulnerability in mutt
From: Martin Siegert <siegert@sfu.ca>
Date: Sat, 14 Feb 2004 17:37:07 -0800
User-Agent: Mutt/1.4.1i

Topic
=====
buffer overflow vulnerability in mutt may allow execution of arbitrary code

Problem Description
===================
A bug in mutt could allow a remote attacker to send a carefully crafted
mail message that can cause mutt to segfault and possibly execute arbitrary
code as the user running mutt.

Affected Versions
=================
All stable versions prior to 1.4.2
(the unstable versions after 1.3.28 including 1.5.* are not affected)

Solution
========
Upgrade to mutt-1.4.2.1 or patched version for your distribution

Mandrake 9.1
------------
rpm -Fvh mutt-1.4.1i-1.2.91mdk.i586.rpm

Mandrake 9.2
------------
rpm -Fvh mutt-1.4.1i-3.1.92mdk.i586.rpm

RedHat 9
--------
rpm -Fvh mutt-1.4.1-3.3.i386.rpm

Fedora 1.0
----------
rpm -Fvh mutt-1.4.1-5.i386.rpm

SFU 1.0 (RedHat 7.3)
--------------------
(packages can be found at http://www.sfu.ca/acs/security/linux/7.3/
or on sphinx.sfu.ca in /vol/vol0/distrib/sfu/1.0/RPMS)

rpm -Fvh mutt-1.4.1-4.i386.rpm

Prev by Date: Re: [linux-security] local root exploit in X (RedHat 9)
Next by Date: [linux-security] backported security fixes for RH 7.3 available via ftp
Prev by thread: [linux-security] backported security fixes for RH 7.3 available via ftp
Next by thread: [linux-security] local root exploit in X
Index(es):
- Date
- Thread