Vulnerabilities > CVE-2002-0001 - Buffer Overflow vulnerability in Mutt Address Handling
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-096.NASL description Joost Pol found a buffer overflow in the address handling code of mutt (a popular mail user agent). Even though this is a one byte overflow this is exploitable. This has been fixed upstream in version 1.2.5.1 and 1.3.25. The relevant patch has been added to version 1.2.5-5 of the Debian package. last seen 2020-06-01 modified 2020-06-02 plugin id 14933 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14933 title Debian DSA-096-2 : mutt - buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-096. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14933); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2002-0001"); script_xref(name:"DSA", value:"096"); script_name(english:"Debian DSA-096-2 : mutt - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Joost Pol found a buffer overflow in the address handling code of mutt (a popular mail user agent). Even though this is a one byte overflow this is exploitable. This has been fixed upstream in version 1.2.5.1 and 1.3.25. The relevant patch has been added to version 1.2.5-5 of the Debian package." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-096" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected mutt package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mutt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2002/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"mutt", reference:"1.2.5-5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-002.NASL description Joost Pol reported a remotely exploitable buffer overflow in the mutt email client. It is recommended that all mutt users upgrade their packages immediately. Update : The previous packages released for 8.x were unable to recall postponed messages due to an incorrect patch. These new packages also provide the compressed folders patch that was unavailable when MDKSA-2002:002 was announced. last seen 2020-06-01 modified 2020-06-02 plugin id 13910 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13910 title Mandrake Linux Security Advisory : mutt (MDKSA-2002:002-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:002. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13910); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-0001"); script_bugtraq_id(3774); script_xref(name:"MDKSA", value:"2002:002-1"); script_name(english:"Mandrake Linux Security Advisory : mutt (MDKSA-2002:002-1)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Joost Pol reported a remotely exploitable buffer overflow in the mutt email client. It is recommended that all mutt users upgrade their packages immediately. Update : The previous packages released for 8.x were unable to recall postponed messages due to an incorrect patch. These new packages also provide the compressed folders patch that was unavailable when MDKSA-2002:002 was announced." ); script_set_attribute(attribute:"solution", value:"Update the affected mutt package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mutt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"patch_publication_date", value:"2002/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mutt-1.2.5i-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mutt-1.2.5i-6.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"mutt-1.3.25i-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"mutt-1.3.25i-1.2mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Redhat
advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449
- http://marc.info/?l=bugtraq&m=100994648918287&w=2
- http://online.securityfocus.com/advisories/3778
- http://www.debian.org/security/2002/dsa-096
- http://www.iss.net/security_center/static/7759.php
- http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
- http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html
- http://www.redhat.com/support/errata/RHSA-2002-003.html
- http://www.securityfocus.com/bid/3774