OpenPKG Security Advisory
OpenPKG-SA-2006.013
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.013 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.013 Advisory Published: 2008-10-06 23:06 UTC Issue Id (internal): OpenPKG-SI-20060715.01 Issue First Created: 2006-07-15 Issue Last Modified: 2006-12-07 Issue Revision: 07
Subject Name: Mutt Subject Summary: Mail User Agent Subject Home: http://www.mutt.org/ Subject Versions: * <= 1.5.11i Vulnerability Id: CVE-2006-3242 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service Description: According to a vendor security update based on hints from TAKAHASHI Tamotsu, a stack-based buffer overflow exists in the Mutt [1] mail user agent. The problem is in the browse_get_namespace() function in "imap/browse.c" which allows remote attackers to cause a Denial of Service (DoS) or execute arbitrary code via long namespaces received from the IMAP server. References: [1] http://www.mutt.org/
Primary Package Name: mutt Primary Package Home: http://openpkg.org/go/package/mutt Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 2.5-SOLID mutt-1.5.11i-2.5.0 OpenPKG Community CURRENT mutt-1.5.11i-20060622 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2.5-SOLID mutt-1.5.11i-2.5.1 OpenPKG Community CURRENT mutt-1.5.12-20060715
