Mutt long folder name buffer overflow

mutt-folder-name-bo (11583)

High Risk

Description:

Mutt is vulnerable to a denial of service attack, caused by a buffer overflow in the utf8_to_utf7() function in the imap/utf7.c module. By creating an international folder with an overly long name, a remote attacker in control of a malicious IMAP server could overflow a buffer and cause Mutt to crash or execute arbitrary code on the system with privileges of the Mutt user, once the victim opens the folder.

Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Mutt (1.4.1 or later of the stable branch) or (1.5.4 or later of the development branch), as listed in the BugTraq Mailing List posting dated Wed Mar 19 2003 - 17:15:46 CST. See References.

For OpenPKG:
Upgrade to the latest mutt package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2003.025 for more information. See References.

OpenPKG CURRENT: 1.4.1i-20030320 or later
OpenPKG 1.2: 1.4i-1.2.1 or later
OpenPKG 1.1: 1.4i-1.1.1 or later

For SuSe Linux:
Upgrade to the latest mutt package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:020 for more information. See References.

SuSE 8.1: 1.4i-216 or later
SuSE 8.0: 1.3.27i-77 or later
SuSE 7.3: 1.3.22.1i-170 or later
SuSE 7.2: 1.3.16i-92 or later
SuSE 7.1: 1.3.12i-69 or later
SuSE 7.3 (Sparc): 1.3.22.1i-39 or later
SuSE 7.1 (AXP Alpha): 1.3.12i-15 or later
SuSE 7.3 (PPC Power): 1.3.22.1i-124 or later
SuSE 7.1 (PPC Power): 1.3.12i-16 or later

For Gentoo Linux:
Upgrade to the latest version of mutt (1.4.1 or later), as listed in Gentoo Linux Security Announcement 200303-19. See References.

For Gentoo Linux:
Upgrade to the latest version of balsa (2.0.10 or later), as listed in Gentoo Linux Security Announcement 200304-10. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest version of mutt (1.3.28-2.1 or later), as listed in DSA-268-1. See References.

For Slackware Linux:
Upgrade to the latest mutt package, as listed below. Refer to slackware-security Mailing List, Sat, 29 Mar 2003 15:56:21 -0800 (PST) for more information. See References.

Slackware Linux 8.1 and 9.0: 1.4.1i-i386-1 or later

For Red Hat Linux 8.0 and 9:
Upgrade to the latest mutt package, as listed below. Refer to RHSA-2003:109-12 for more information. See References.

For Conectiva Linux 8.0:
Upgrade to the latest version of balsa (1.2.4-2U80_1cl or later), as listed in Conectiva Linux Security Announcement CLSA-2003:630. See References.

For Conectiva Linux 8.0:
Upgrade to the latest version of libesmtp (0.8.12-1U80_1cl or later), as listed in Conectiva Linux Security Announcement CLSA-2003:630. See References.

For Conectiva Linux 9:
Upgrade to the latest version of balsa (2.0.9-29086U90_1cl or later), as listed in Conectiva Linux Security Announcement CLSA-2003:635. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

• BugTraq Mailing List, Wed Mar 19 2003 - 17:15:46 CST : mutt-1.4.1 fixes a buffer overflow..
• Conectiva Linux Security Announcement CLSA-2003:630: balsa.
• Conectiva Linux Security Announcement CLSA-2003:635: balsa.
• Core Security Technologies Advisory CORE-20030304-02: Vulnerability in Mutt Mail User Agent.
• Gentoo Linux Security Announcement 200303-19: mutt buffer overflow.
• Gentoo Linux Security Announcement 200304-10: balsa remote.
• slackware-security Mailing List, Sat, 29 Mar 2003 15:56:21 -0800 (PST): [slackware-security] Mutt buffer overflow in IMAP support.
• BID-7120: Mutt UTF-7 Internationalized Remote Folder Buffer Overrun Vulnerability
• CVE-2003-0140: Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
• DSA-268: mutt -- buffer overflow
• MDKSA-2003:041: Updated mutt packages fix exploitable buffer overflow
• MDKSA-2003:041-1: Updated mutt packages fix exploitable buffer overflow
• RHSA-2003-109: Updated balsa and mutt packages fix vulnerabilities
• RHSA-2003-111: balsa security update
• SUSE-SA:2003:020: mutt: remote system compromise

Platforms Affected:

• Conectiva Linux 8.0
• Conectiva Linux 9.0
• Debian Debian Linux 3.0
• Gentoo Linux
• MandrakeSoft Mandrake Linux 8.2
• MandrakeSoft Mandrake Linux 8.2 PPC
• MandrakeSoft Mandrake Linux 9.0
• MandrakeSoft Mandrake Linux 9.1
• MandrakeSoft Mandrake Linux 9.1 PPC
• Michael R. Elkins and Jeremy Blosser Mutt 1.4.0
• Michael R. Elkins and Jeremy Blosser Mutt 1.5.3
• Novell SuSE Linux Enterprise Server 7.0
• OpenPKG OpenPKG 1.1
• OpenPKG OpenPKG 1.2
• OpenPKG OpenPKG CURRENT
• RedHat Enterprise Linux 2.1 AS
• RedHat Enterprise Linux 2.1 ES
• RedHat Enterprise Linux 2.1 WS
• RedHat Linux 7
• RedHat Linux 7.1
• RedHat Linux 7.2
• RedHat Linux 7.3
• RedHat Linux 8.0
• RedHat Linux 9.0
• RedHat Linux Advanced Workstation 2.1 Itanium
• Slackware Slackware Linux 8.1
• Slackware Slackware Linux 9.0
• Stuart Parmenter Balsa 1.2
• SuSE Linux Enterprise Server 8
• SuSE SuSE eMail Server 3.1
• SuSE SuSE eMail Server III
• SUSE SuSE Linux 7.1
• SUSE SuSE Linux 7.2
• SUSE SuSE Linux 7.3
• SUSE SuSE Linux 8.0
• SUSE SuSE Linux 8.1
• SuSE SuSE Linux Connectivity Server
• SuSE SuSE Linux Database Server
• SuSE SuSE Linux Firewall
• SuSE SuSE Linux Office Server

Reported:

Mar 19, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page