CVE-2001-0473
CVSS7.5
发布时间 :2001-06-27 00:00:00
修订时间 :2016-10-17 22:11:20
NMCO    

[原文]Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.


[CNNVD]Mutt格式化字符串漏洞(CNNVD-200106-132)

        Mutt 1.2.5之前版本存在格式化字符串漏洞。远程恶意IMAP服务器可以利用该漏洞执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:conectiva:linuxConectiva Linux
cpe:/o:redhat:linux:6.0Red Hat Linux 6.0
cpe:/a:immunix:immunix:6.2
cpe:/o:redhat:linux:5.2Red Hat Linux 5.2
cpe:/o:redhat:linux:6.1Red Hat Linux 6.1
cpe:/o:redhat:linux:7.0Red Hat Linux 7.0
cpe:/a:immunix:immunix:7.0
cpe:/o:redhat:linux:6.2Red Hat Linux 6.2
cpe:/a:mutt:mutt:1.2.5
cpe:/o:mandrakesoft:mandrake_linux:6.1MandrakeSoft Mandrake Linux 6.1
cpe:/o:mandrakesoft:mandrake_linux:7.0MandrakeSoft Mandrake Linux 7.0
cpe:/o:mandrakesoft:mandrake_linux:7.2MandrakeSoft Mandrake Linux 7.2
cpe:/a:immunix:immunix:7.0_beta
cpe:/o:mandrakesoft:mandrake_linux:6.0MandrakeSoft Mandrake Linux 6.0
cpe:/o:mandrakesoft:mandrake_linux:7.1MandrakeSoft Mandrake Linux 7.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0473
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0473
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200106-132
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
(VENDOR_ADVISORY)  BUGTRAQ  20010320 Trustix Security Advisory - mutt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
(UNKNOWN)  CONECTIVA  CLA-2001:385
http://marc.info/?l=bugtraq&m=98473109630421&w=2
(UNKNOWN)  BUGTRAQ  20010315 Immunix OS Security update for mutt
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2001-031
http://www.redhat.com/support/errata/RHSA-2001-029.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2001:029
http://xforce.iss.net/static/6235.php
(VENDOR_ADVISORY)  XF  mutt-imap-format-string(6235)

- 漏洞信息

Mutt格式化字符串漏洞
高危 格式化字符串
2001-06-27 00:00:00 2006-09-15 00:00:00
远程  
        Mutt 1.2.5之前版本存在格式化字符串漏洞。远程恶意IMAP服务器可以利用该漏洞执行任意代码。

- 公告与补丁

        

- 漏洞信息

5615
Mutt IMAP Handling Remote Format String
Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Confidentiality, Loss of Integrity

- 漏洞描述

mutt contains a flaw that may allow a remote attacker to use an IMAP server to execute arbitrary code on the vulnerable machine. The issue is triggered when an IMAP server sends messages to the mutt client. It is possible for an attacker to use an IMAP server to send specially crafted messages that may allow the execution of arbitrary code.

- 时间线

2001-03-09 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.2.5i or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站