Rapid7 Vulnerability & Exploit Database

RHSA-2001:029: New mutt packages fix IMAP vulnerability/incompatibility


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 06/27/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

New mutt packages are available. These packages fix an instance of the common 'format string' vulnerability, and correct an incompatibility with the current errata IMAP server. It is recommended that all mutt users using Red Hat Linux upgrade to the new packages. The version of mutt shipped in Red Hat Linux 7.0 does not contain the format string vulnerability; for that release, the update is merely a bugfix update. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.2. Additionally, the packages for Red Hat Linux 6.2 have support for SSL-IMAP and GSSAPI; the new packages require the openssl enhancement errata.

An example of a 'format string' vulnerability was present in the IMAP code in versions of mutt prior to 1.2.5. As a result, a compromised or malicious IMAP server could possibly execute code on the local machine. Separately, the mutt packages in Red Hat Linux 7.0 were incompatible with the errata IMAP server released for Red Hat Linux with regard to GSSAPI authentication.

Solution(s)

  • redhat-upgrade-mutt
