Mutt GECOS buffer overflow
| mutt-gecos-bo (34441) |  High Risk |
Description:
Mutt is vulnerable to a buffer overflow, caused by improper bounds checking. By sending multiple "&" characters in the GECOS field, a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
Note: In order to execute code on the system with elevated privileges, the attacker would first need to have a real name in an authenticated alias file.
Platforms Affected:
- MandrakeSoft, Mandrake Linux 2007 X86_64
- MandrakeSoft, Mandrake Linux 2007
- MandrakeSoft, Mandrake Linux 2007.1
- MandrakeSoft, Mandrake Linux 2007.1 X86_64
- MandrakeSoft, Mandrake Linux 2008.0 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 3.0
- MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
- Michael R. Elkins and Jeremy Blosser, Mutt 1.4.2
- RedHat, Enterprise Linux 3 ES
- RedHat, Enterprise Linux 3 AS
- RedHat, Enterprise Linux 3 Desktop
- RedHat, Enterprise Linux 3 WS
- RedHat, Enterprise Linux 4 Desktop
- RedHat, Enterprise Linux 4 WS
- RedHat, Enterprise Linux 4 ES
- RedHat, Enterprise Linux 4 AS
- RedHat, Enterprise Linux 5
- RedHat, Enterprise Linux 5 Client
- RedHat, Enterprise Linux 5 Client Workstation
- RedHat, Enterprise Linux 5 Server
- RedHat, Enterprise Linux Desktop 5.0
Remedy:
For Red Hat Linux (mutt):
Refer to RHSA-2007:0386 for patch, upgrade, or suggested workaround information. See References.
For Mandriva Linux (mutt):
Refer to MDKSA-2007:113 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Privileges
References:
- Mutt Web site, The Mutt E-Mail Client at http://www.mutt.org/.
- Red Hat Bugzilla Bug 239890, Buffer overflow in mutt's gecos structure handling at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890.
- ASA-2007-296: Mutt security update (RHSA-2007-0386)
- BID-24192: Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
- CVE-2007-2683: Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via & characters in the GECOS field, which triggers the overflow during alias expansion.
- MDKSA-2007:113: Updated mutt packages fix vulnerabilities
- RHSA-2007-0386: Moderate: mutt security update
- SA25408: Mutt GECOS Name Processing Buffer Overflow Vulnerability
- SECTRACK ID: 1018066: Mutt mutt_gecos_name() Buffer Overflow May Let Local Users Gain Elevated Privileges
Reported:
May 11, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net