CVE-2004-0078
CVSS7.5
发布时间 :2004-03-03 00:00:00
修订时间 :2016-10-17 22:40:42
NMCOPS    

[原文]Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.


[CNNVD]Mutt Menu Drawing远程缓冲区溢出漏洞(CNNVD-200403-031)

        
        Mutt是一个小型但功能强大的基于文本的MIME邮件客户端。
        Mutt在处理部分EMAIL输入时存在问题,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以用户进程权限执行任意指令。
        攻击者发送特殊构建的邮件消息可导致Mutt产生段错误,精心构建提交数据可能以用户进程权限执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:mutt:mutt:1.2.5.5
cpe:/a:mutt:mutt:1.2.5
cpe:/a:mutt:mutt:1.2.5.4
cpe:/a:mutt:mutt:1.2.5.1
cpe:/a:mutt:mutt:1.2.5.12_ol
cpe:/a:mutt:mutt:1.3.17
cpe:/a:mutt:mutt:1.3.28
cpe:/a:mutt:mutt:1.3.12.1
cpe:/a:mutt:mutt:1.3.16
cpe:/a:mutt:mutt:1.3.27
cpe:/a:mutt:mutt:1.3.24
cpe:/a:mutt:mutt:1.3.25
cpe:/a:mutt:mutt:1.3.22
cpe:/a:mutt:mutt:1.3.12
cpe:/a:mutt:mutt:1.2.5.12
cpe:/a:mutt:mutt:1.4.1
cpe:/a:mutt:mutt:1.4.0
cpe:/a:mutt:mutt:1.2.1

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:838Red Hat Enterprise 3 Mutt BO in Index Menu
oval:org.mitre.oval:def:811Red Hat Mutt BO in Index Menu
oval:org.mitre.oval:def:10648Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of s...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0078
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0078
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-031
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
(UNKNOWN)  CALDERA  CSSA-2004-013.0
http://bugs.debian.org/126336
(UNKNOWN)  CONFIRM  http://bugs.debian.org/126336
http://marc.info/?l=bugtraq&m=107651677817933&w=2
(UNKNOWN)  BUGTRAQ  20040211 Mutt-1.4.2 fixes buffer overflow.
http://marc.info/?l=bugtraq&m=107696262905039&w=2
(UNKNOWN)  BUGTRAQ  20040215 LNSA-#2004-0001: mutt remote crash
http://marc.info/?l=bugtraq&m=107884956930903&w=2
(UNKNOWN)  BUGTRAQ  20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
(UNKNOWN)  MANDRAKE  MDKSA-2004:010
http://www.redhat.com/support/errata/RHSA-2004-050.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:050
http://www.redhat.com/support/errata/RHSA-2004-051.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:051
http://www.securityfocus.com/bid/9641
(VENDOR_ADVISORY)  BID  9641
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
(UNKNOWN)  SLACKWARE  SSA:2004-043
http://xforce.iss.net/xforce/xfdb/15134
(VENDOR_ADVISORY)  XF  mutt-index-menu-bo(15134)

- 漏洞信息

Mutt Menu Drawing远程缓冲区溢出漏洞
高危 边界条件错误
2004-03-03 00:00:00 2005-05-13 00:00:00
远程  
        
        Mutt是一个小型但功能强大的基于文本的MIME邮件客户端。
        Mutt在处理部分EMAIL输入时存在问题,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以用户进程权限执行任意指令。
        攻击者发送特殊构建的邮件消息可导致Mutt产生段错误,精心构建提交数据可能以用户进程权限执行任意指令。
        

- 公告与补丁

        厂商补丁:
        MandrakeSoft
        ------------
        MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:010)以及相应补丁:
        MDKSA-2004:010:Updated mutt packages fix remote crash
        链接:
        http://www.linux-mandrake.com/en/security/2004/2004-010.php

        补丁下载:
        Updated Packages:
        Corporate Server 2.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/mutt-1.4.1i-1.2.C21mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/mutt-1.4.1i-1.2.C21mdk.src.rpm
        Corporate Server 2.1/x86_64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/mutt-1.4.1i-1.2.C21mdk.x86_64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/mutt-1.4.1i-1.2.C21mdk.src.rpm
        Mandrake Linux 9.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/mutt-1.4.1i-1.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/mutt-1.4.1i-1.2.91mdk.src.rpm
        Mandrake Linux 9.1/PPC:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/mutt-1.4.1i-1.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/mutt-1.4.1i-1.2.91mdk.src.rpm
        Mandrake Linux 9.2:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/mutt-1.4.1i-3.1.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/mutt-1.4.1i-3.1.92mdk.src.rpm
        Mandrake Linux 9.2/AMD64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/mutt-1.4.1i-3.1.92mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/mutt-1.4.1i-3.1.92mdk.src.rpm
        _______________________________________________________________________
        To upgrade automatically use MandrakeUpdate or urpmi. The verification
        of md5 checksums and GPG signatures is performed automatically for you.
        A list of FTP mirrors can be obtained from:
        上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
        
        http://www.mandrakesecure.net/en/ftp.php

        Mutt
        ----
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Mutt Upgrade mutt-1.4.2i.tar.gz
        ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz
        RedHat
        ------
        RedHat已经为此发布了一个安全公告(RHSA-2004:051-01)以及相应补丁:
        RHSA-2004:051-01:Updated mutt packages fix remotely-triggerable crash
        链接:https://www.redhat.com/support/errata/RHSA-2004-051.html
        补丁下载:
        Red Hat Linux 9:
        SRPMS:
        ftp://updates.redhat.com/9/en/os/SRPMS/mutt-1.4.1-3.3.src.rpm
        i386:
        ftp://updates.redhat.com/9/en/os/i386/mutt-1.4.1-3.3.i386.rpm
        可使用下列命令安装补丁:
        rpm -Fvh [文件名]

- 漏洞信息 (F32671)

RHSA-2004:051-01.txt (PacketStormID:F32671)
2004-02-11 00:00:00
Mark Cox  redhat.com
advisory,remote,arbitrary
linux,redhat
CVE-2004-0078
[点击下载]

Red Hat Security Advisory - A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=utf-8" />
<title>RHSA-2004:051-01.txt ≈ Packet Storm</title>
<meta name="description" content="Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers" />
<meta name="keywords" content="security,exploit,advisory,whitepaper,xss,csrf,overflow,scanner,vulnerability" />
<link rel="shortcut icon" href="/img/pss.ico" />
<link rel="stylesheet" media="screen,print,handheld" href="http://packetstatic.com/css1366870159/pss.css" type="text/css" />
<!--[if lt ie 8]><link rel="stylesheet" type="text/css" href="http://packetstatic.com/css1366870159/ie.css" /><![endif]-->
<script type="text/javascript" src="http://packetstatic.com/js1366870155/pt.js"></script>
<script type="text/javascript" src="http://packetstatic.com/js1366870155/pss.js"></script>
<link rel="search" type="application/opensearchdescription+xml" href="http://packetstormsecurity.com/opensearch.xml" title="Packet Storm Site Search" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Headlines" href="http://rss.packetstormsecurity.com/news/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Recent Files" href="http://rss.packetstormsecurity.com/files/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Exploits" href="http://rss.packetstormsecurity.com/files/tags/exploit/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Advisories" href="http://rss.packetstormsecurity.com/files/tags/advisory/" />
</head>
<body id="files">
<div id="t">
   <div id="tc">
      <a id="top" href="/"><img src="http://packetstatic.com/img1353978071/ps_logo.png" width="315" height="65" id="logo" alt="packet storm" /></a>
      <div id="slogan">accept no compromises
</div>
      <div id="account"><a href="https://packetstormsecurity.com/account/register/">Register</a> | <a href="https://packetstormsecurity.com/account/login/">Login</a></div>
      <div id="search">
        <form method="get" action="/search/"><input type="text" name="q" id="q" maxlength="120" value="Search …" /><button type="submit"></button><div id="q-tabs"><label for="s-files" class="on">Files</label><label for="s-news">News</label><label for="s-users">Users</label><label for="s-authors">Authors</label><input type="radio" value="files" name="s" id="s-files" /><input type="radio" value="news" name="s" id="s-news" /><input type="radio" value="users" name="s" id="s-users" /><input type="radio" value="authors" name="s" id="s-authors" /></div></form>
      </div>
   </div>
    <div id="tn"><div id="tnc">
        <a href="/" id="tn-home"><span>Home</span></a> <a href="/files/" id="tn-files"><span>Files</span></a> <a href="/news/" id="tn-news"><span>News</span></a> <a href="/about/" id="tn-about"><span>About</span></a> <a href="/contact/" id="tn-contact"><span>Contact</span></a> <a href="/submit/" id="tn-submit"><span>Add New</span></a>
    </div></div>
    <div id="tn2"></div>
</div>

<div id="c">

 <div id="cc">
     <div id="m">
    

    
    
    
     
    <div class="h1"><h1>RHSA-2004:051-01.txt</h1></div>
<dl id="F32671" class="file first">
<dt><a class="ico text-plain" href="/files/download/32671/RHSA-2004%3A051-01.txt" title="Size: 3.8 KB"><strong>RHSA-2004:051-01.txt</strong></a></dt>
<dd class="datetime">Posted <a href="/files/date/2004-02-11/" title="23:21:00 UTC">Feb 11, 2004</a></dd>
<dd class="refer">Authored by <a href="/files/author/3110/" class="person">Mark Cox</a> | Site <a href="http://www.redhat.com/">redhat.com</a></dd>
<dd class="detail"><p>Red Hat Security Advisory - A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.</p></dd>
<dd class="tags"><span>tags</span> | <a href="/files/tags/advisory">advisory</a>, <a href="/files/tags/remote">remote</a>, <a href="/files/tags/arbitrary">arbitrary</a></dd>
<dd class="os"><span>systems</span> | <a href="/files/os/linux">linux</a>, <a href="/files/os/redhat">redhat</a></dd>
<dd class="cve"><span>advisories</span> | <a href="/files/cve/CVE-2004-0078">CVE-2004-0078</a></dd>
<dd class="md5"><span>MD5</span> | <code>4dcf681d5cc413d1c68cac9efd852ac9</code></dd>
<dd class="act-links"><a href="/files/download/32671/RHSA-2004%3A051-01.txt" title="Size: 3.8 KB" rel="nofollow">Download</a> | <a href="/files/favorite/32671/" class="fav" rel="nofollow">Favorite</a> | <a href="/files/32671/RHSA-2004-051-01.txt.html">Comments <span>(0)</span></a></dd>
</dl>
<div id="extra-links"><a href="/files/related/32671/RHSA-2004-051-01.txt.html" id="related">Related Files</a><div id="share">
<h2>Share This</h2>
<ul>
<li><iframe scrolling="no" frameborder="0" allowtransparency="true" style="border: medium none; overflow: hidden; width: 80px; height: 21px;" src="http://www.facebook.com/plugins/like.php?href=http://packetstormsecurity.com/files/32671/RHSA-2004-051-01.txt.html&layout=button_count&show_faces=true&width=250&action=like&font&colorscheme=light&height=21"></iframe></li><li><iframe scrolling="no" frameborder="0" tabindex="0" allowtransparency="true" src="http://platform0.twitter.com/widgets/tweet_button.html?_=1286138321418&count=horizontal&lang=en&text=RHSA-2004:051-01.txt&url=http://packetstormsecurity.com/files/32671/RHSA-2004-051-01.txt.html&via=packet_storm" style="width: 110px; height: 20px;" title="Twitter"></iframe></li><li><a href="http://www.linkedin.com/shareArticle?mini=true&url=http://packetstormsecurity.com/files/32671/RHSA-2004-051-01.txt.html&title=RHSA-2004:051-01.txt&source=Packet+Storm" class="LinkedIn">LinkedIn</a></li><li><a href="http://www.reddit.com/submit?url=http://packetstormsecurity.com/files/32671/RHSA-2004-051-01.txt.html&title=RHSA-2004:051-01.txt" class="Reddit">Reddit</a></li><li><a href="http://digg.com/submit?phase=2&url=http://packetstormsecurity.com/files/32671/RHSA-2004-051-01.txt.html" class="Digg">Digg</a></li><li><a href="http://www.stumbleupon.com/submit?url=http://packetstormsecurity.com/files/32671/RHSA-2004-051-01.txt.html&title=RHSA-2004:051-01.txt" class="StumbleUpon">StumbleUpon</a></li></ul>
</div>
</div>
<div class="h1"><h1>RHSA-2004:051-01.txt</h1></div>
<div class="src">
<div><a href="/mirrors/">Change Mirror</a> <a href="/files/download/32671/RHSA-2004%3A051-01.txt">Download</a></div>
<pre><code>-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA1<br /><br />- ---------------------------------------------------------------------<br />                   Red Hat Security Advisory<br /><br />Synopsis:          Updated mutt packages fix remotely-triggerable crash<br />Advisory ID:       RHSA-2004:051-01<br />Issue date:        2004-02-11<br />Updated on:        2004-02-11<br />Product:           Red Hat Linux<br />Keywords:          mutt menu crash<br />Cross references:  <br />Obsoletes:         <br />CVE Names:         CAN-2004-0078<br />- ---------------------------------------------------------------------<br /><br />1. Topic:<br /><br />New mutt packages that fix a remotely-triggerable crash in the menu drawing<br />code are now available.<br /><br />2. Relevant releases/architectures:<br /><br />Red Hat Linux 9 - i386<br /><br />3. Problem description:<br /><br />Mutt is a text-mode mail user agent.<br /><br />A bug was found in the index menu code in versions of mutt.  A remote<br />attacker could send a carefully crafted mail message that can cause mutt<br />to segfault and possibly execute arbitrary code as the victim.  The Common<br />Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name<br />CAN-2004-0078 to this issue.<br /><br />It is recommended that all mutt users upgrade to these updated packages,<br />which contain a backported security patch and are not vulnerable to this issue.<br /><br />Red Hat would like to thank Niels Heinen for reporting this issue.<br /><br />4. Solution:<br /><br />Before applying this update, make sure all previously released errata<br />relevant to your system have been applied.<br /><br />To update all RPMs for your particular architecture, run:<br /><br />rpm -Fvh [filenames]<br /><br />where [filenames] is a list of the RPMs you wish to upgrade.  Only those<br />RPMs which are currently installed will be updated.  Those RPMs which are<br />not installed but included in the list will not be updated.  Note that you<br />can also use wildcards (*.rpm) if your current directory *only* contains the<br />desired RPMs.<br /><br />Please note that this update is also available via Red Hat Network.  Many<br />people find this an easier way to apply updates.  To use Red Hat Network,<br />launch the Red Hat Update Agent with the following command:<br /><br />up2date<br /><br />This will start an interactive process that will result in the appropriate<br />RPMs being upgraded on your system.<br /><br />If up2date fails to connect to Red Hat Network due to SSL<br />Certificate Errors, you need to install a version of the<br />up2date client with an updated certificate.  The latest version of<br />up2date is available from the Red Hat FTP site and may also be<br />downloaded directly from the RHN website:<br /><br />https://rhn.redhat.com/help/latest-up2date.pxt<br /><br />5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):<br /><br />114452 - CAN-2004-0078 Mutt can be remotely crashed<br /><br />6. RPMs required:<br /><br />Red Hat Linux 9:<br /><br />SRPMS:<br />ftp://updates.redhat.com/9/en/os/SRPMS/mutt-1.4.1-3.3.src.rpm<br /><br />i386:<br />ftp://updates.redhat.com/9/en/os/i386/mutt-1.4.1-3.3.i386.rpm<br /><br /><br /><br />7. Verification:<br /><br />MD5 sum                          Package Name<br />- --------------------------------------------------------------------------<br /><br />9a76602aa1256360273b58ad7c39b629 9/en/os/SRPMS/mutt-1.4.1-3.3.src.rpm<br />4d0002ca7394157b33d75c9d1f63aebc 9/en/os/i386/mutt-1.4.1-3.3.i386.rpm<br /><br />These packages are GPG signed by Red Hat for security.  Our key is<br />available from https://www.redhat.com/security/keys.html<br /><br />You can verify each package with the following command:<br />    <br />    rpm --checksig -v <filename><br /><br />If you only wish to verify that each package has not been corrupted or<br />tampered with, examine only the md5sum with the following command:<br />    <br />    md5sum <filename><br /><br /><br />8. References:<br /><br />http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078<br /><br />9. Contact:<br /><br />The Red Hat security contact is <secalert@redhat.com>.  More contact<br />details at https://www.redhat.com/solutions/security/news/contact.html<br /><br />Copyright 2003 Red Hat, Inc.<br />-----BEGIN PGP SIGNATURE-----<br />Version: GnuPG v1.0.7 (GNU/Linux)<br /><br />iD8DBQFAKjVIXlSAg2UNWIIRAsAnAJ9RYfjM7bKHdkNA8CKUpdeC23antwCfYFTP<br />ys/3ZCyvWF0TnNnXL5/uni8=<br />=16Je<br />-----END PGP SIGNATURE-----<br /></code></pre>
</div>
<div id="comments">
<h2>Comments</h2><a href="http://rss.packetstormsecurity.com/files/32671" class="rss-cmt"><img src="http://packetstatic.com/img1353978071/bt_rss.gif" width="16" height="16" alt="RSS Feed" /> <span>Subscribe to this comment feed</span></a><br /><p id="comment-none">No comments yet, be the first!</p></div>
<div id="comment-form" style="display:none"></div><div id="comment-login"><a href="https://packetstormsecurity.com/account/login/">Login</a> or <a href="https://packetstormsecurity.com/account/register/">Register</a> to post a comment</div>
    
    
     </div>
    
      <div id="adblock">
        
      </div>
      <div id="mn">
        <div class="mn-like-us">
<ul>
<li><a href="https://twitter.com/packet_storm"><img src="http://packetstatic.com/img1353978071/s_twitter.png" width="24" height="24" alt="Follow on Twitter" /> Follow us on Twitter</a></li>
<li><a href="https://www.facebook.com/packetstormfeed"><img src="http://packetstatic.com/img1353978071/s_facebook.png" width="24" height="24" alt="Follow on Facebook" /> Follow us on Facebook</a></li>
<li><a href="/feeds"><img src="http://packetstatic.com/img1353978071/s_rss.png" width="24" height="24" alt="View RSS Feeds" /> Subscribe to an RSS Feed</a></li>
</ul>
</div>
<div class="mn-like-us"><ul><li style="border-color: #afa; background: #efe"><a style="border-color: #6f6; background: #afa; color: #060; padding-left: 0;" href="/bugbounty/"><span style="color:#393">$ $ $</span>  Write Exploits? Get Paid!</a></li></ul></div>
<div>
<form id="cal" action="/files/cal/" method="post">
<h2>File Archive:</h2><h3>April 2013</h3>
<button id="cal-prev" name="cal-prev" type="button" value="2013-4"><span><</span></button><ul class="dotw"><li>Su</li><li>Mo</li><li>Tu</li><li>We</li><li>Th</li><li>Fr</li><li>Sa</li></ul>
<ul><li></li><li class="low"><a href="/files/date/2013-04-01/">1</a><div class="stats"><div class="point"></div><div class="date">Apr 1st</div><div class="count">10 Files</div></div></li><li class="med"><a href="/files/date/2013-04-02/">2</a><div class="stats"><div class="point"></div><div class="date">Apr 2nd</div><div class="count">15 Files</div></div></li><li class="med"><a href="/files/date/2013-04-03/">3</a><div class="stats"><div class="point"></div><div class="date">Apr 3rd</div><div class="count">16 Files</div></div></li><li class="med"><a href="/files/date/2013-04-04/">4</a><div class="stats"><div class="point"></div><div class="date">Apr 4th</div><div class="count">15 Files</div></div></li><li class="med"><a href="/files/date/2013-04-05/">5</a><div class="stats"><div class="point"></div><div class="date">Apr 5th</div><div class="count">30 Files</div></div></li><li class="low"><a href="/files/date/2013-04-06/">6</a><div class="stats"><div class="point"></div><div class="date">Apr 6th</div><div class="count">4 Files</div></div></li></ul>
<ul><li class="low"><a href="/files/date/2013-04-07/">7</a><div class="stats"><div class="point"></div><div class="date">Apr 7th</div><div class="count">12 Files</div></div></li><li class="med"><a href="/files/date/2013-04-08/">8</a><div class="stats"><div class="point"></div><div class="date">Apr 8th</div><div class="count">23 Files</div></div></li><li class="med"><a href="/files/date/2013-04-09/">9</a><div class="stats"><div class="point"></div><div class="date">Apr 9th</div><div class="count">26 Files</div></div></li><li class="med"><a href="/files/date/2013-04-10/">10</a><div class="stats"><div class="point"></div><div class="date">Apr 10th</div><div class="count">30 Files</div></div></li><li class="high"><a href="/files/date/2013-04-11/">11</a><div class="stats"><div class="point"></div><div class="date">Apr 11th</div><div class="count">63 Files</div></div></li><li class="low"><a href="/files/date/2013-04-12/">12</a><div class="stats"><div class="point"></div><div class="date">Apr 12th</div><div class="count">12 Files</div></div></li><li class="low"><a href="/files/date/2013-04-13/">13</a><div class="stats"><div class="point"></div><div class="date">Apr 13th</div><div class="count">3 Files</div></div></li></ul>
<ul><li class="low"><a href="/files/date/2013-04-14/">14</a><div class="stats"><div class="point"></div><div class="date">Apr 14th</div><div class="count">2 Files</div></div></li><li class="low"><a href="/files/date/2013-04-15/">15</a><div class="stats"><div class="point"></div><div class="date">Apr 15th</div><div class="count">11 Files</div></div></li><li class="med"><a href="/files/date/2013-04-16/">16</a><div class="stats"><div class="point"></div><div class="date">Apr 16th</div><div class="count">16 Files</div></div></li><li class="med"><a href="/files/date/2013-04-17/">17</a><div class="stats"><div class="point"></div><div class="date">Apr 17th</div><div class="count">15 Files</div></div></li><li class="med"><a href="/files/date/2013-04-18/">18</a><div class="stats"><div class="point"></div><div class="date">Apr 18th</div><div class="count">15 Files</div></div></li><li class="med"><a href="/files/date/2013-04-19/">19</a><div class="stats"><div class="point"></div><div class="date">Apr 19th</div><div class="count">19 Files</div></div></li><li class="low"><a href="/files/date/2013-04-20/">20</a><div class="stats"><div class="point"></div><div class="date">Apr 20th</div><div class="count">3 Files</div></div></li></ul>
<ul><li class="low"><a href="/files/date/2013-04-21/">21</a><div class="stats"><div class="point"></div><div class="date">Apr 21st</div><div class="count">3 Files</div></div></li><li class="low"><a href="/files/date/2013-04-22/">22</a><div class="stats"><div class="point"></div><div class="date">Apr 22nd</div><div class="count">12 Files</div></div></li><li class="low"><a href="/files/date/2013-04-23/">23</a><div class="stats"><div class="point"></div><div class="date">Apr 23rd</div><div class="count">13 Files</div></div></li><li class="low"><a href="/files/date/2013-04-24/">24</a><div class="stats"><div class="point"></div><div class="date">Apr 24th</div><div class="count">11 Files</div></div></li><li class="none today"><a href="/files/date/2013-04-25/">25</a><div class="stats"><div class="point"></div><div class="date">Apr 25th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2013-04-26/">26</a><div class="stats"><div class="point"></div><div class="date">Apr 26th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2013-04-27/">27</a><div class="stats"><div class="point"></div><div class="date">Apr 27th</div><div class="count">0 Files</div></div></li></ul>
<ul><li class="none"><a href="/files/date/2013-04-28/">28</a><div class="stats"><div class="point"></div><div class="date">Apr 28th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2013-04-29/">29</a><div class="stats"><div class="point"></div><div class="date">Apr 29th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2013-04-30/">30</a><div class="stats"><div class="point"></div><div class="date">Apr 30th</div><div class="count">0 Files</div></div></li><li></li><li></li><li></li><li></li></ul>
</form></div>
<div id="mn-top-author" class="top-ten">
<h2>Top Authors In Last 30 Days</h2>
<ul>
<li><a href="/files/authors/3786">Mandriva</a> <span>126 files</span></li>
<li><a href="/files/authors/4676">Red Hat</a> <span>44 files</span></li>
<li><a href="/files/authors/3695">Ubuntu</a> <span>28 files</span></li>
<li><a href="/files/authors/2985">Cisco Systems</a> <span>17 files</span></li>
<li><a href="/files/authors/2821">Debian</a> <span>11 files</span></li>
<li><a href="/files/authors/4612">HP</a> <span>11 files</span></li>
<li><a href="/files/authors/8993">juan vazquez</a> <span>9 files</span></li>
<li><a href="/files/authors/8123">Michael Messner</a> <span>7 files</span></li>
<li><a href="/files/authors/8035">High-Tech Bridge SA</a> <span>7 files</span></li>
<li><a href="/files/authors/8982">Slackware Security Team</a> <span>7 files</span></li>
</ul>
</div>
<div id="mn-tag-file"><h2>File Tags</h2><ul><li><a href="/files/tags/activex/">ActiveX</a> <span>(873)</span></li><li><a href="/files/tags/advisory/">Advisory</a> <span>(55,748)</span></li><li><a href="/files/tags/arbitrary/">Arbitrary</a> <span>(8,747)</span></li><li><a href="/files/tags/bbs/">BBS</a> <span>(2,859)</span></li><li><a href="/files/tags/bypass/">Bypass</a> <span>(575)</span></li><li><a href="/files/tags/cgi/">CGI</a> <span>(847)</span></li><li><a href="/files/tags/code_execution/">Code Execution</a> <span>(3,370)</span></li><li><a href="/files/tags/cracker/">Cracker</a> <span>(685)</span></li><li><a href="/files/tags/csrf/">CSRF</a> <span>(1,857)</span></li><li><a href="/files/tags/denial_of_service/">DoS</a> <span>(14,917)</span></li><li><a href="/files/tags/encryption/">Encryption</a> <span>(2,115)</span></li><li><a href="/files/tags/exploit/">Exploit</a> <span>(29,367)</span></li><li><a href="/files/tags/file_inclusion/">File Inclusion</a> <span>(3,386)</span></li><li><a href="/files/tags/firewall/">Firewall</a> <span>(748)</span></li><li><a href="/files/tags/info_disclosure/">Info Disclosure</a> <span>(1,212)</span></li><li><a href="/files/tags/intrusion_detection/">Intrusion Detection</a> <span>(663)</span></li><li><a href="/files/tags/java/">Java</a> <span>(1,320)</span></li><li><a href="/files/tags/javascript/">JavaScript</a> <span>(503)</span></li><li><a href="/files/tags/kernel/">Kernel</a> <span>(2,825)</span></li><li><a href="/files/tags/local/">Local</a> <span>(10,570)</span></li><li><a href="/files/tags/magazine/">Magazine</a> <span>(503)</span></li><li><a href="/files/tags/overflow/">Overflow</a> <span>(8,311)</span></li><li><a href="/files/tags/perl/">Perl</a> <span>(1,213)</span></li><li><a href="/files/tags/php/">PHP</a> <span>(3,984)</span></li><li><a href="/files/tags/proof_of_concept/">Proof of Concept</a> <span>(1,589)</span></li><li><a href="/files/tags/protocol/">Protocol</a> <span>(1,839)</span></li><li><a href="/files/tags/python/">Python</a> <span>(705)</span></li><li><a href="/files/tags/remote/">Remote</a> <span>(19,367)</span></li><li><a href="/files/tags/root/">Root</a> <span>(2,443)</span></li><li><a href="/files/tags/scanner/">Scanner</a> <span>(1,317)</span></li><li><a href="/files/tags/tool/">Security Tool</a> <span>(5,638)</span></li><li><a href="/files/tags/shell/">Shell</a> <span>(1,943)</span></li><li><a href="/files/tags/shellcode/">Shellcode</a> <span>(772)</span></li><li><a href="/files/tags/sniffer/">Sniffer</a> <span>(781)</span></li><li><a href="/files/tags/spoof/">Spoof</a> <span>(1,653)</span></li><li><a href="/files/tags/sql_injection/">SQL Injection</a> <span>(12,575)</span></li><li><a href="/files/tags/tcp/">TCP</a> <span>(1,961)</span></li><li><a href="/files/tags/trojan/">Trojan</a> <span>(541)</span></li><li><a href="/files/tags/udp/">UDP</a> <span>(713)</span></li><li><a href="/files/tags/virus/">Virus</a> <span>(573)</span></li><li><a href="/files/tags/vulnerability/">Vulnerability</a> <span>(22,058)</span></li><li><a href="/files/tags/web/">Web</a> <span>(5,497)</span></li><li><a href="/files/tags/paper/">Whitepaper</a> <span>(2,850)</span></li><li><a href="/files/tags/x86/">x86</a> <span>(585)</span></li><li><a href="/files/tags/xss/">XSS</a> <span>(12,267)</span></li><li><a href="/files/tags/">Other</a></li></ul></div><div id="mn-arch-file"><h2>File Archives</h2><ul><li><a href="/files/date/2013-04/">April 2013</a></li><li><a href="/files/date/2013-03/">March 2013</a></li><li><a href="/files/date/2013-02/">February 2013</a></li><li><a href="/files/date/2013-01/">January 2013</a></li><li><a href="/files/date/2012-12/">December 2012</a></li><li><a href="/files/date/2012-11/">November 2012</a></li><li><a href="/files/date/2012-10/">October 2012</a></li><li><a href="/files/date/2012-09/">September 2012</a></li><li><a href="/files/date/2012-08/">August 2012</a></li><li><a href="/files/date/2012-07/">July 2012</a></li><li><a href="/files/date/2012-06/">June 2012</a></li><li><a href="/files/date/2012-05/">May 2012</a></li><li><a href="/files/date/">Older</a></li></ul></div><div id="mn-os-file"><h2>Systems</h2><ul><li><a href="/files/os/aix/">AIX</a> <span>(371)</span></li><li><a href="/files/os/apple/">Apple</a> <span>(1,067)</span></li><li><a href="/files/os/bsd/">BSD</a> <span>(305)</span></li><li><a href="/files/os/cisco/">Cisco</a> <span>(1,393)</span></li><li><a href="/files/os/debian/">Debian</a> <span>(4,133)</span></li><li><a href="/files/os/fedora/">Fedora</a> <span>(1,663)</span></li><li><a href="/files/os/freebsd/">FreeBSD</a> <span>(1,053)</span></li><li><a href="/files/os/gentoo/">Gentoo</a> <span>(2,646)</span></li><li><a href="/files/os/hpux/">HPUX</a> <span>(735)</span></li><li><a href="/files/os/iphone/">iPhone</a> <span>(99)</span></li><li><a href="/files/os/irix/">IRIX</a> <span>(218)</span></li><li><a href="/files/os/juniper/">Juniper</a> <span>(63)</span></li><li><a href="/files/os/linux/">Linux</a> <span>(23,246)</span></li><li><a href="/files/os/osx/">Mac OS X</a> <span>(453)</span></li><li><a href="/files/os/mandriva/">Mandriva</a> <span>(2,472)</span></li><li><a href="/files/os/netbsd/">NetBSD</a> <span>(244)</span></li><li><a href="/files/os/openbsd/">OpenBSD</a> <span>(422)</span></li><li><a href="/files/os/redhat/">RedHat</a> <span>(3,170)</span></li><li><a href="/files/os/slackware/">Slackware</a> <span>(447)</span></li><li><a href="/files/os/solaris/">Solaris</a> <span>(1,524)</span></li><li><a href="/files/os/suse/">SUSE</a> <span>(1,440)</span></li><li><a href="/files/os/ubuntu/">Ubuntu</a> <span>(3,312)</span></li><li><a href="/files/os/unix/">UNIX</a> <span>(7,126)</span></li><li><a href="/files/os/unixware/">UnixWare</a> <span>(152)</span></li><li><a href="/files/os/windows/">Windows</a> <span>(4,233)</span></li><li><a href="/files/os/">Other</a></li></ul></div>
      </div>

  </div>

</div>

<div id="f">
  <div id="fc">

    <div class="f-box" style="margin: 50px 0 0 0;">
        <a href="/"><img src="http://packetstatic.com/img1353978071/ps_logo.png" width="218" alt="packet storm" /></a>
    <p class="copy">© 2013 Packet Storm. All rights reserved.</p>
    </div>

    <div class="f-box">
    <dl>
      <dt>Site Links</dt>
      <dd><a href="/news/date/">News by Month</a></dd>
      <dd><a href="/news/tags/">News Tags</a></dd>
      <dd><a href="/files/date/">Files by Month</a></dd>
      <dd><a href="/files/tags/">File Tags</a></dd>
      <dd><a href="/files/directory/">File Directory</a></dd>
    </dl>    
    </div>

    <div class="f-box">
    <dl>
      <dt>About Us</dt>
      <dd><a href="/about/">History & Purpose</a></dd>
      <dd><a href="/contact/">Contact Information</a></dd>
      <dd><a href="/legal/tos.html">Terms of Service</a></dd>
      <dd><a href="/legal/privacy.html">Privacy Statement</a></dd>
      <dd><a href="/legal/copyright.html">Copyright Information</a></dd>
    </dl>
    </div>

    <div class="f-box">
	<dl>
      <dt>Services</dt>
      <dd><a href="/services/">Security Services</a></dd>
      <dt style="margin-top:1.5em;">Hosting By</dt>
      <dd><a href="http://www.rokabear.com/">Rokabear</a></dd>
      <dd><a href="/mirrors/">Global Mirror List</a></dd>
    </dl>   
    </div>
    <div class="f-box">
    <ul class="f-follow">
     <li><a href="https://twitter.com/packet_storm"><img width="24" height="24" alt="Follow on Twitter" src="http://packetstatic.com/img1353978071/s_twitter.png" /> Follow us on Twitter</a></li>
     <li><a href="https://www.facebook.com/packetstormfeed"><img width="24" height="24" alt="Follow on Facebook" src="http://packetstatic.com/img1353978071/s_facebook.png" /> Follow us on Facebook</a></li>
     <li><a href="/feeds"><img width="24" height="24" alt="View RSS Feeds" src="http://packetstatic.com/img1353978071/s_rss.png" /> Subscribe to an RSS Feed</a></li>
    </ul>
    </div>

  </div>
</div>

<div id="o-box"><img src="http://packetstatic.com/img1353978071/o_close.png" alt="close" height="30" width="30" id="o-close" /><div id="o-main"></div></div>


<script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-18885198-1']); _gaq.push(['_setDomainName', '.packetstormsecurity.com']); _gaq.push(['_trackPageview']); (function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})(); </script><noscript><img src="http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2328517968&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=RHSA-2004%3A051-01.txt%u2248%20Packet%20Storm&utmhn=packetstormsecurity.com&utmr=-&utmp=%2Ffiles%2F32671%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2328517968.1366883072.1366883072.1366883072.1%3B%2B__utmz%3D32867617.1366883072.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)" width="2" height="2" alt="" /></noscript>
<!-- Thu, 25 Apr 2013 09:44:29 GMT -->
</body>
</html>
    

- 漏洞信息

3918
Mutt menu.c menu_pad_string Function Index Menu Code Remote Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- 漏洞描述

Mutt contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted email is sent by an attacker, and will result in loss of availability for the program.

- 时间线

2004-01-19 2004-01-19
Unknow Unknow

- 解决方案

Upgrade to version 1.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Mutt Menu Drawing Remote Buffer Overflow Vulnerability
Boundary Condition Error 9641
Yes No
2004-02-11 12:00:00 2009-07-12 02:06:00
Discovery credited to Niels Heinen.

- 受影响的程序版本

Sun Cobalt RaQ XTR
Sun Cobalt RaQ 4
Sun Cobalt Qube 3
RedHat mutt-1.4-4.i386.rpm
+ RedHat Linux 8.0
Mutt Mutt 1.4.1
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Trustix Secure Linux 2.0
Mutt Mutt 1.4 .0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Netwosix Netwosix Linux 1.0
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG Current
+ RedHat Linux 8.0 i686
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
Mutt Mutt 1.3.28
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Mutt Mutt 1.3.27
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Mutt Mutt 1.3.25
Mutt Mutt 1.3.24
Mutt Mutt 1.3.22
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
Mutt Mutt 1.3.17
+ Conectiva Linux 7.0
Mutt Mutt 1.3.16
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
Mutt Mutt 1.3.12 -1
Mutt Mutt 1.3.12
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Mutt Mutt 1.2.5 .1
Mutt Mutt 1.2.5 -5
Mutt Mutt 1.2.5 -4
Mutt Mutt 1.2.5 -12OL
- Caldera OpenLinux 2.3
Mutt Mutt 1.2.5 -12
- Caldera OpenLinux eBuilder 3.0
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1.1
- Caldera OpenLinux Workstation 3.1
- SCO eDesktop 2.4
- SCO eServer 2.3.1
Mutt Mutt 1.2.5 -1
Mutt Mutt 1.2.5
+ Caldera OpenLinux 3.1 -IA64
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux eBuilder 3.0
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 6.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 J i386
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
Mutt Mutt 1.2 -1
Mutt Mutt 1.5.4
Mutt Mutt 1.5.3
Mutt Mutt 1.4.2
+ Netwosix Netwosix Linux 1.0

- 不受影响的程序版本

Mutt Mutt 1.5.4
Mutt Mutt 1.5.3
Mutt Mutt 1.4.2
+ Netwosix Netwosix Linux 1.0

- 漏洞讨论

A problem in the handling of some types of e-mail input has been identified in Mutt. Because of this issue, a remote attacker may be able to crash a vulnerable client, resulting in a denial of service to users. This is reported to be due to a buffer overflow, potentially allowing for arbitrary code execution in the context of the client user.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Red Hat has released advisory RHSA-2004:051-01 to address this issue.

Mandrake has released advisory MDKSA-2004:010 with fixes to address this issue.

Slackware has released an advisory (SSA:2004-043-01) that includes fixes to address this issue. Please see the attached avdisory for information on obtaining and applying fixes.

Trustix has released advisory 2004-0006 to address this issue.

Netwosix Linux has released an advisory (2004-0001) that includes fixes to address this issue.

OpenPKG has made an updated package available. Please see the attached advisory for more information.

SCO Linux has released advisory CSSA-2004-013.0 and a fix dealing with this issue.

Sun has released fixes dealing with this issues for their Cobalt series operating systems.

A fixed version has been made available:


Sun Cobalt Qube 3

Sun Cobalt RaQ 4

Sun Cobalt RaQ XTR

Mutt Mutt 1.2 -1

Mutt Mutt 1.2.5 -1

Mutt Mutt 1.2.5

Mutt Mutt 1.2.5 -4

Mutt Mutt 1.2.5 -5

Mutt Mutt 1.2.5 -12

Mutt Mutt 1.2.5 -12OL

Mutt Mutt 1.2.5 .1

Mutt Mutt 1.3.12 -1

Mutt Mutt 1.3.12

Mutt Mutt 1.3.16

Mutt Mutt 1.3.17

Mutt Mutt 1.3.22

Mutt Mutt 1.3.24

Mutt Mutt 1.3.25

Mutt Mutt 1.3.27

Mutt Mutt 1.3.28

Mutt Mutt 1.4 .0

Mutt Mutt 1.4.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站