Vulnerabilities > CVE-2006-3242 - Unspecified vulnerability in Mutt 1.4.2/1.4.2.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mutt
nessus

Summary

Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.

Vulnerable Configurations

Part Description Count
Application
Mutt
2

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11094.NASL
    descriptionMutt has a buffer overflow in IMAP namespace parsing code which may open a possible remote vulnerability. (CVE-2006-3242)
    last seen2020-06-01
    modified2020-06-02
    plugin id41094
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41094
    titleSuSE9 Security Update : mutt (YOU Patch Number 11094)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41094);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-3242");
    
      script_name(english:"SuSE9 Security Update : mutt (YOU Patch Number 11094)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mutt has a buffer overflow in IMAP namespace parsing code which may
    open a possible remote vulnerability. (CVE-2006-3242)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2006-3242/"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11094.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"mutt-1.5.6i-64.9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-1061.NASL
    description - Tue Oct 24 2006 Miroslav Lichvar <mlichvar at redhat.com> 5:1.4.2.1-7.fc5 - fix insecure temp file creation on NFS (#211085, CVE-2006-5297) - Thu Jun 29 2006 Miroslav Lichvar <mlichvar at redhat.com> 5:1.4.2.1-6.3.fc5 - fix a buffer overflow when processing IMAP namespace (#197152, CVE-2006-3242) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24036
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24036
    titleFedora Core 5 : mutt-1.4.2.1-7.fc5 (2006-1061)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-1061.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24036);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:24");
    
      script_xref(name:"FEDORA", value:"2006-1061");
    
      script_name(english:"Fedora Core 5 : mutt-1.4.2.1-7.fc5 (2006-1061)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Tue Oct 24 2006 Miroslav Lichvar <mlichvar at
        redhat.com> 5:1.4.2.1-7.fc5
    
        - fix insecure temp file creation on NFS (#211085,
          CVE-2006-5297)
    
        - Thu Jun 29 2006 Miroslav Lichvar <mlichvar at
          redhat.com> 5:1.4.2.1-6.3.fc5
    
        - fix a buffer overflow when processing IMAP namespace
          (#197152, CVE-2006-3242)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-October/000675.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9759cbe1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mutt and / or mutt-debuginfo packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC5", reference:"mutt-1.4.2.1-7.fc5")) flag++;
    if (rpm_check(release:"FC5", reference:"mutt-debuginfo-1.4.2.1-7.fc5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt / mutt-debuginfo");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-760.NASL
    description - Thu Jun 29 2006 Miroslav Lichvar <mlichvar at redhat.com> 5:1.4.2.1-6.3.fc5 - fix a buffer overflow when processing IMAP namespace (#197152, CVE-2006-3242) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24135
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24135
    titleFedora Core 5 : mutt-1.4.2.1-6.3.fc5 (2006-760)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-760.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24135);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_xref(name:"FEDORA", value:"2006-760");
    
      script_name(english:"Fedora Core 5 : mutt-1.4.2.1-6.3.fc5 (2006-760)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Jun 29 2006 Miroslav Lichvar <mlichvar at
        redhat.com> 5:1.4.2.1-6.3.fc5
    
        - fix a buffer overflow when processing IMAP namespace
          (#197152, CVE-2006-3242)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-June/000343.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc205c83"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mutt and / or mutt-debuginfo packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC5", reference:"mutt-1.4.2.1-6.3.fc5")) flag++;
    if (rpm_check(release:"FC5", reference:"mutt-debuginfo-1.4.2.1-6.3.fc5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt / mutt-debuginfo");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-115.NASL
    descriptionA stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. Updated packages have been patched to address this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21777
    published2006-06-29
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21777
    titleMandrake Linux Security Advisory : mutt (MDKSA-2006:115)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:115. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21777);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-3242");
      script_xref(name:"MDKSA", value:"2006:115");
    
      script_name(english:"Mandrake Linux Security Advisory : mutt (MDKSA-2006:115)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A stack-based buffer overflow in the browse_get_namespace function in
    imap/browse.c of Mutt allows remote attackers to cause a denial of
    service (crash) or execute arbitrary code via long namespaces received
    from the IMAP server.
    
    Updated packages have been patched to address this issue."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mutt and / or mutt-utf8 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mutt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mutt-utf8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.2", reference:"mutt-1.5.6i-5.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"mutt-utf8-1.5.6i-5.1.102mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK2006.0", reference:"mutt-1.5.9i-9.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"mutt-utf8-1.5.9i-9.1.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0577.NASL
    descriptionUpdated mutt packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A buffer overflow flaw was found in the way Mutt processes an overly long namespace from a malicious imap server. In order to exploit this flaw a user would have to use Mutt to connect to a malicious IMAP server. (CVE-2006-3242) Users of Mutt are advised to upgrade to these erratum packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22039
    published2006-07-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22039
    titleCentOS 3 / 4 : mutt (CESA-2006:0577)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0577 and 
    # CentOS Errata and Security Advisory 2006:0577 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22039);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-3242");
      script_xref(name:"RHSA", value:"2006:0577");
    
      script_name(english:"CentOS 3 / 4 : mutt (CESA-2006:0577)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mutt packages that fix a security issue are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Mutt is a text-mode mail user agent.
    
    A buffer overflow flaw was found in the way Mutt processes an overly
    long namespace from a malicious imap server. In order to exploit this
    flaw a user would have to use Mutt to connect to a malicious IMAP
    server. (CVE-2006-3242)
    
    Users of Mutt are advised to upgrade to these erratum packages, which
    contain a backported patch to correct this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013001.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ae865acd"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013005.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?778ae63c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013010.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ee1aa50e"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013011.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f5563ca6"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013018.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bf5a51c0"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013019.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?03aad93c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mutt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"mutt-1.4.1-3.5.rhel3")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"mutt-1.4.1-11.rhel4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MUTT-1701.NASL
    descriptionMutt had a buffer overflow in IMAP namespace parsing code which may open a possible remote vulnerability (CVE-2006-3242).
    last seen2020-06-01
    modified2020-06-02
    plugin id27353
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27353
    titleopenSUSE 10 Security Update : mutt (mutt-1701)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mutt-1701.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27353);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-3242");
    
      script_name(english:"openSUSE 10 Security Update : mutt (mutt-1701)");
      script_summary(english:"Check for the mutt-1701 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mutt had a buffer overflow in IMAP namespace parsing code which may
    open a possible remote vulnerability (CVE-2006-3242)."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mutt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"mutt-1.5.9i-27.4") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1108.NASL
    descriptionIt was discovered that the mutt mail reader performs insufficient validation of values returned from an IMAP server, which might overflow a buffer and potentially lead to the injection of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22650
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22650
    titleDebian DSA-1108-1 : mutt - buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1108. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22650);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2006-3242");
      script_xref(name:"DSA", value:"1108");
    
      script_name(english:"Debian DSA-1108-1 : mutt - buffer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the mutt mail reader performs insufficient
    validation of values returned from an IMAP server, which might
    overflow a buffer and potentially lead to the injection of arbitrary
    code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1108"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mutt package.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.5.9-2sarge2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mutt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"mutt", reference:"1.5.9-2sarge2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0577.NASL
    descriptionUpdated mutt packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A buffer overflow flaw was found in the way Mutt processes an overly long namespace from a malicious imap server. In order to exploit this flaw a user would have to use Mutt to connect to a malicious IMAP server. (CVE-2006-3242) Users of Mutt are advised to upgrade to these erratum packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22045
    published2006-07-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22045
    titleRHEL 2.1 / 3 / 4 : mutt (RHSA-2006:0577)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0577. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22045);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-3242");
      script_xref(name:"RHSA", value:"2006:0577");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : mutt (RHSA-2006:0577)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mutt packages that fix a security issue are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Mutt is a text-mode mail user agent.
    
    A buffer overflow flaw was found in the way Mutt processes an overly
    long namespace from a malicious imap server. In order to exploit this
    flaw a user would have to use Mutt to connect to a malicious IMAP
    server. (CVE-2006-3242)
    
    Users of Mutt are advised to upgrade to these erratum packages, which
    contain a backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3242"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0577"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mutt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0577";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mutt-1.2.5.1-2.rhel21")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"mutt-1.4.1-3.5.rhel3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"mutt-1.4.1-11.rhel4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-1063.NASL
    description - Tue Oct 24 2006 Miroslav Lichvar <mlichvar at redhat.com> 5:1.4.2.2-3 - fix insecure temp file creation on NFS (#211085, CVE-2006-5297) - Thu Aug 3 2006 Miroslav Lichvar <mlichvar at redhat.com> 5:1.4.2.2-2 - fix a SASL authentication bug (#199591) - Mon Jul 17 2006 Miroslav Lichvar <mlichvar at redhat.com> 5:1.4.2.2-1 - update to 1.4.2.2 - fix directories in manual.txt (#162207) - drop bcc patch (#197408) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id24037
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24037
    titleFedora Core 6 : mutt-1.4.2.2-3.fc6 (2006-1063)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-1063.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24037);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:24");
    
      script_xref(name:"FEDORA", value:"2006-1063");
    
      script_name(english:"Fedora Core 6 : mutt-1.4.2.2-3.fc6 (2006-1063)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Tue Oct 24 2006 Miroslav Lichvar <mlichvar at
        redhat.com> 5:1.4.2.2-3
    
        - fix insecure temp file creation on NFS (#211085,
          CVE-2006-5297)
    
        - Thu Aug 3 2006 Miroslav Lichvar <mlichvar at
          redhat.com> 5:1.4.2.2-2
    
        - fix a SASL authentication bug (#199591)
    
        - Mon Jul 17 2006 Miroslav Lichvar <mlichvar at
          redhat.com> 5:1.4.2.2-1
    
        - update to 1.4.2.2
    
        - fix directories in manual.txt (#162207)
    
        - drop bcc patch (#197408)
    
        - don't package flea
    
        - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>
          - 5:1.4.2.1-7.1
    
        - rebuild
    
        - Thu Jun 29 2006 Miroslav Lichvar <mlichvar at
          redhat.com> 5:1.4.2.1-7
    
        - fix a buffer overflow when processing IMAP namespace
          (#197152, CVE-2006-3242)
    
        - Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com>
          - 5:1.4.2.1-6.2.1
    
        - bump again for double-long bug on ppc(64)
    
        - Tue Feb 7 2006 Jesse Keating <jkeating at redhat.com>
          - 5:1.4.2.1-6.2
    
        - rebuilt for new gcc4.1 snapshot and glibc changes
    
        - Fri Dec 9 2005 Jesse Keating <jkeating at redhat.com>
    
        - rebuilt
    
        - Wed Nov 9 2005 Bill Nottingham <notting at redhat.com>
          5:1.4.2.1-6
    
        - rebuild against new ssl libs
    
        - Thu Oct 27 2005 Bill Nottingham <notting at
          redhat.com> 5:1.4.2.1-5
    
        - add patch from 1.5 branch to fix SASL logging
          (#157251, #171528)
    
        - Fri Aug 26 2005 Bill Nottingham <notting at
          redhat.com> 5:1.4.2.1-3
    
        - add patch from 1.5 branch to fix base64 decoding
          (#166718)
    
        - Mon Mar 7 2005 Bill Nottingham <notting at redhat.com>
          5:1.4.2.1-2
    
        - rebuild against new openssl
    
        - fix build with gcc4
    
        - Thu Jan 27 2005 Bill Nottingham <notting at
          redhat.com> 5:1.4.2.1-1
    
        - update to 1.4.2.1 (#141007, <moritz at barsnick.net>)
    
        - include a /etc/Muttrc.local for site config (#123109)
    
        - add <f2> as a additional help key for terminals that
          use <f1> internally (#139277)
    
      - Wed Sep 15 2004 Nalin Dahyabhai <nalin at redhat.com>
        5:1.4.1-10
    
        - expect the server to prompt for additional auth data
          if we have some to send (#129961, upstream #1845)
    
      - use 'pop' as the service name instead of 'pop-3' when
        using SASL for POP, per rfc1734
    
      - Fri Aug 13 2004 Bill Nottingham <notting at redhat.com>
        5:1.4.1-9
    
        - set write_bcc to no by default (since we ship exim)
    
        - build against sasl2 (#126724)
    
        - Mon Jun 28 2004 Bill Nottingham <notting at
          redhat.com>
    
        - remove autosplat patch (#116769)
    
        - Tue Jun 15 2004 Elliot Lee <sopwith at redhat.com>
    
        - rebuilt
    
        - Tue Jun 8 2004 Bill Nottingham <notting at redhat.com>
          5:1.4.1-7
    
        - link urlview against ncursesw (fixes #125530,
          indirectly)
    
        - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>
    
        - rebuilt
    
        - Tue Jan 27 2004 Bill Nottingham <notting at
          redhat.com> 5:1.4.1-5
    
    [plus 179 lines in the Changelog]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-October/000686.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a546de0a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mutt and / or mutt-debuginfo packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC6", reference:"mutt-1.4.2.2-3.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"mutt-debuginfo-1.4.2.2-3.fc6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt / mutt-debuginfo");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-307-1.NASL
    descriptionTAKAHASHI Tamotsu discovered that mutt
    last seen2020-06-01
    modified2020-06-02
    plugin id27882
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27882
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : mutt vulnerability (USN-307-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-307-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27882);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2006-3242");
      script_xref(name:"USN", value:"307-1");
    
      script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : mutt vulnerability (USN-307-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not
    sufficiently check the validity of namespace strings. If an user
    connects to a malicious IMAP server, that server could exploit this to
    crash mutt or even execute arbitrary code with the privileges of the
    mutt user.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/307-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mutt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"5.04", pkgname:"mutt", pkgver:"1.5.6-20040907+2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"mutt", pkgver:"1.5.9-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mutt", pkgver:"1.5.11-3ubuntu2.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-761.NASL
    description - Thu Jun 29 2006 Miroslav Lichvar <mlichvar at redhat.com> 5:1.4.2.1-5.fc4 - fix a buffer overflow when processing IMAP namespace (#197152, CVE-2006-3242) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24136
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24136
    titleFedora Core 4 : mutt-1.4.2.1-5.fc4 (2006-761)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-761.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24136);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_xref(name:"FEDORA", value:"2006-761");
    
      script_name(english:"Fedora Core 4 : mutt-1.4.2.1-5.fc4 (2006-761)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Jun 29 2006 Miroslav Lichvar <mlichvar at
        redhat.com> 5:1.4.2.1-5.fc4
    
        - fix a buffer overflow when processing IMAP namespace
          (#197152, CVE-2006-3242)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-June/000344.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cd9cd9d4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mutt and / or mutt-debuginfo packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mutt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC4", reference:"mutt-1.4.2.1-5.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"mutt-debuginfo-1.4.2.1-5.fc4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt / mutt-debuginfo");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-207-01.NASL
    descriptionNew mutt packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22098
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22098
    titleSlackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : mutt (SSA:2006-207-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2006-207-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22098);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2006-3242");
      script_xref(name:"SSA", value:"2006-207-01");
    
      script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : mutt (SSA:2006-207-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New mutt packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
    10.1, 10.2, and -current to fix a possible security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472221
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f208ceb8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mutt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"mutt", pkgver:"1.4.2.2i", pkgarch:"i386", pkgnum:"1_slack8.1")) flag++;
    
    if (slackware_check(osver:"9.0", pkgname:"mutt", pkgver:"1.4.2.2i", pkgarch:"i386", pkgnum:"1_slack9.0")) flag++;
    
    if (slackware_check(osver:"9.1", pkgname:"mutt", pkgver:"1.4.2.2i", pkgarch:"i486", pkgnum:"1_slack9.1")) flag++;
    
    if (slackware_check(osver:"10.0", pkgname:"mutt", pkgver:"1.4.2.2i", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++;
    
    if (slackware_check(osver:"10.1", pkgname:"mutt", pkgver:"1.4.2.2i", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;
    
    if (slackware_check(osver:"10.2", pkgname:"mutt", pkgver:"1.4.2.2i", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"mutt", pkgver:"1.4.2.2i", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200606-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200606-27 (Mutt: Buffer overflow) TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in the
    last seen2020-06-01
    modified2020-06-02
    plugin id21773
    published2006-06-29
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21773
    titleGLSA-200606-27 : Mutt: Buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200606-27.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21773);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2006-3242");
      script_xref(name:"GLSA", value:"200606-27");
    
      script_name(english:"GLSA-200606-27 : Mutt: Buffer overflow");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200606-27
    (Mutt: Buffer overflow)
    
        TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in
        the 'browse_get_namespace()' function in browse.c, which can be
        triggered when receiving an overly long namespace from an IMAP server.
      
    Impact :
    
        A malicious IMAP server can send an overly long namespace to Mutt in
        order to crash the application, and possibly execute arbitrary code
        with the permissions of the user running Mutt.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200606-27"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mutt users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/mutt-1.5.11-r2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mutt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"mail-client/mutt", unaffected:make_list("ge 1.5.11-r2"), vulnerable:make_list("lt 1.5.11-r2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mutt");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D2A43243087B11DBBC360008743BF21A.NASL
    descriptionSecurityFocus reports : Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application
    last seen2020-06-01
    modified2020-06-02
    plugin id21790
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21790
    titleFreeBSD : mutt -- Remote Buffer Overflow Vulnerability (d2a43243-087b-11db-bc36-0008743bf21a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21790);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2006-3242");
      script_bugtraq_id(18642);
    
      script_name(english:"FreeBSD : mutt -- Remote Buffer Overflow Vulnerability (d2a43243-087b-11db-bc36-0008743bf21a)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SecurityFocus reports :
    
    Mutt is prone to a remote buffer-overflow vulnerability. This issue is
    due to the application's failure to properly bounds-check
    user-supplied input before copying it to an insufficiently sized
    memory buffer.
    
    This issue may allow remote attackers to execute arbitrary machine
    code in the context of the affected application. Failed exploit
    attempts will likely crash the application, denying further service to
    legitimate users."
      );
      # http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fc3f05e9"
      );
      # https://vuxml.freebsd.org/freebsd/d2a43243-087b-11db-bc36-0008743bf21a.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2fc568a6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-mutt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-mutt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mutt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mutt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mutt-devel-lite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mutt-lite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mutt-ng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:zh-mutt-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"mutt<=1.4.2.1_2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mutt-lite<=1.4.2.1_2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mutt-devel<=1.5.11_2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mutt-devel-lite<=1.5.11_2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ja-mutt<=1.4.2.1.j1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"zh-mutt-devel<=1.5.11_20040617")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ja-mutt-devel<=1.5.6.j1_2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mutt-ng<=20060501")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted2013-04-29T04:09:06.927-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionStack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
familyunix
idoval:org.mitre.oval:def:10826
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleStack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
version26

Redhat

advisories
bugzilla
id197151
titleCVE-2006-3242 Mutt IMAP namespace buffer overflow
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • commentmutt is earlier than 5:1.4.1-11.rhel4
      ovaloval:com.redhat.rhsa:tst:20060577001
    • commentmutt is signed with Red Hat master key
      ovaloval:com.redhat.rhsa:tst:20060577002
rhsa
idRHSA-2006:0577
released2006-07-12
severityModerate
titleRHSA-2006:0577: mutt security update (Moderate)
rpms
  • mutt-5:1.4.1-11.rhel4
  • mutt-5:1.4.1-3.5.rhel3
  • mutt-debuginfo-5:1.4.1-11.rhel4
  • mutt-debuginfo-5:1.4.1-3.5.rhel3

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 18642 CVE(CAN) ID: CVE-2006-3242 Mutt是一个小型但功能强大的基于文本的MIME邮件客户端。 Mutt处理畸形邮件时存在漏洞,远程攻击者可能利用此漏洞在客户端上执行任意指令。 Mutt的browse.c文件的browse_get_namespace()函数中存在缓冲区溢出漏洞。如果恶意的IMAP服务器向Mutt发送了超长的名称空间的话,就会触发这个漏洞,导致客户端崩溃或执行任意指令。 Mutt Mutt 1.4.2 Gentoo Linux 厂商补丁: Mutt ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commitdiff;h=dc0272b749f0e2b102973b7ac43dbd3908507540 target=_blank>http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commitdiff;h=dc0272b749f0e2b102973b7ac43dbd3908507540</a> Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200606-27)以及相应补丁: GLSA-200606-27:Mutt: Buffer overflow 链接:<a href=http://security.gentoo.org/glsa/glsa-200606-27.xml target=_blank>http://security.gentoo.org/glsa/glsa-200606-27.xml</a> 所有Mutt用户都应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose &quot;&gt;=mail-client/mutt-1.5.11-r2&quot;
idSSV:2740
last seen2017-11-19
modified2007-12-31
published2007-12-31
reporterRoot
titleMutt BROWSE_GET_NAMESPACE IMAP名称空间处理远程溢出漏洞

References