Rapid7 Vulnerability & Exploit Database

RHSA-2003:109: Updated balsa and mutt packages fix vulnerabilities

Back to Search

RHSA-2003:109: Updated balsa and mutt packages fix vulnerabilities

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
03/24/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

New Balsa, Mutt, and libesmtp packages that fix potential buffer overflow vulnerabilities are now available.

Mutt is a text-mode email client. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow in Mutt version 1.4 exists when parsing mailbox names returned by an IMAP server. It is possible that a hostile IMAP server could cause arbitrary code to be executed by the user running Mutt. This issue affects versions of Mutt provided with Red Hat Linux 8.0 and Red Hat Linux 9. Versions 1.2 and higher of Balsa incorporate the vulnerable Mutt IMAP code and are therefore vulnerable to this issue as well. It is possible that a hostile IMAP server could cause arbitrary code to be executed by the user running Balsa. This issue affects Red Hat Linux 7.2, 7.3, 8.0 and 9. Additionally, a buffer overflow in libesmtp, an SMTP library used by Balsa, before version 0.8.11 allows a hostile remote SMTP server to execute arbitrary code via a certain response or cause a denial of service via long server responses. This issue only affects versions of libesmtp provided by Red Hat Linux 7.2 and 7.3. Users of Mutt and Balsa are recommended to update to these erratum packages containing updated versions of Mutt, Balsa, and libesmtp which are not vulnerable to these issues.

Solution(s)

  • redhat-upgrade-balsa
  • redhat-upgrade-libesmtp
  • redhat-upgrade-libesmtp-devel
  • redhat-upgrade-mutt

References

  • redhat-upgrade-balsa
  • redhat-upgrade-libesmtp
  • redhat-upgrade-libesmtp-devel
  • redhat-upgrade-mutt

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;