Title: Mutt IMAP Server Message Format String Vulnerability
Severity: MODERATE
Description:
mutt is a powerful email utility, actively maintained by the Mutt Development Team. mutt is a Mail User Agent that is both open source and freely available.
A format string vulnerability may make it possible for a malicious IMAP server to execute arbitrary commands with the privileges and permissions of the user of mutt. In doing so, it may make it possible for a remote user to gain local access to the system of the mutt user.
The problem occurs in the handling of messages returned by the IMAP server to the mutt client. mutt does not correctly handle the return of messages by the IMAP server, passing them through a section of code which could allow the IMAP server to pass a format string through to execute arbitrary commands.
The vulnerability in previous packages occurs in a section of code similar to this:
snprintf (buff, sizeof(buff), "server said: %s", some_server_message);
mutt_message (buff);
Affected Products:
- Conectiva Linux 4.0.0
- Conectiva Linux 4.0.0 es
- Conectiva Linux 4.1.0
- Conectiva Linux 4.2.0
- Conectiva Linux 5.0.0
- Conectiva Linux 5.1.0
- Conectiva Linux ecommerce
- Conectiva Linux graficas
- Mutt Mutt 0.93.2
- Mutt Mutt 1.0.1
- RedHat Linux 5.2.0 alpha
- RedHat Linux 5.2.0 i386
- RedHat Linux 5.2.0 sparc
- RedHat Linux 6.2.0 alpha
- RedHat Linux 6.2.0 i386
- RedHat Linux 6.2.0 sparc
- S.u.S.E. Linux 6.4.0 alpha
- S.u.S.E. Linux 6.4.0 i386
- S.u.S.E. Linux 6.4.0 ppc
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
