OpenPKG Security Advisory
OpenPKG-SA-2004.005
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2004.005 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2004.005 Advisory Published: 2009-07-04 12:44 UTC Issue Id (internal): OpenPKG-SI-20040309.01 Issue First Created: 2004-03-09 Issue Last Modified: 2006-11-28 Issue Revision: 06
Subject Name: Mutt Subject Summary: Mail User Agent Subject Home: http://www.mutt.org/ Subject Versions: * <= 1.4.1i Vulnerability Id: CVE-2004-0078 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: denial of service Description: According to a posting on Bugtraq [0], a buffer overflow exists in the mail user agent Mutt [1]. It can be triggered by incoming messages and there are reports about spam that has actually triggered this problem and crashed Mutt. The bug was reported to Red Hat by Niels Heinen. References: [0] http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933 [1] http://www.mutt.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0078 [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] ftp://ftp.openpkg.org/release/1.3/UPD/mutt-1.4.1i-1.3.2.src.rpm [6] ftp://ftp.openpkg.org/release/1.3/UPD/ [7] http://www.openpkg.org/security.html#signature
Primary Package Name: mutt Primary Package Home: http://openpkg.org/go/package/mutt Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 1.3-SOLID mutt-1.4.1i-1.3.1 OpenPKG Community 2.0-SOLID n/a OpenPKG Community CURRENT mutt-1.4.1i-20040207 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 1.3-SOLID mutt-1.4.1i-1.3.2 OpenPKG Community 2.0-SOLID n/a OpenPKG Community CURRENT mutt-1.4.2.1i-20040214
