Rapid7 Vulnerability & Exploit Database

RHSA-2002:003: New mutt packages available to fix security problem

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 02/27/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

New mutt packages that fix an overflow in mutt's address parsing code are available. It is recommended that all mutt users update to the fixed packages.

An overflow exists in mutt's RFC822 address parser. A remote attacker could send a carefully crafted email message that, when read by mutt, would be able to overwrite arbitrary bytes in memory. The updated mutt-1.2.5.1 release fixes the problem. Thanks go to Joost Pol for discovering the bug and to the Mutt team for the fixed release. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0001 to this issue.

Solution(s)

  • redhat-upgrade-mutt
