Mandriva Update For Mutt MDKSA-2007:113 (mutt) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate again an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials (CVE-2007-1558). A flaw in how mutt handled certain characters in gecos fields could lead to a buffer overflow. A local user able to give themselves a carefully crafted Real Name could potentially execute arbitrary code if a victim used mutt to expand the attacker's alias (CVE-2007-2683). Updated packages have been patched to address these issues.

Affected

mutt on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-1558, CVE-2007-2683
CVSS Base Score: 3.5
AV:L/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Mandriva Update for ipmitool MDVSA-2011:196 (ipmitool)
Mandriva Update for mysql MDVSA-2010:155 (mysql)
Mandriva Update for krb5 MDVA-2010:177 (krb5)
Mandriva Update for postfix MDVSA-2008:190 (postfix)
Mandriva Update for systemd MDVSA-2012:030 (systemd)

Mandriva Update for mutt MDKSA-2007:113 (mutt)

Take action and discover your vulnerabilities