Mandriva Update For Mutt MDKSA-2007:113 (mutt) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate again an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials (CVE-2007-1558). A flaw in how mutt handled certain characters in gecos fields could lead to a buffer overflow. A local user able to give themselves a carefully crafted Real Name could potentially execute arbitrary code if a victim used mutt to expand the attacker's alias (CVE-2007-2683). Updated packages have been patched to address these issues.

Affected

mutt on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-1558, CVE-2007-2683

CVSS	Base Score: 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Mandriva Update for fetchmail MDKSA-2007:105 (fetchmail)
Mandriva Update for wireshark MDVSA-2012:080 (wireshark)
Mandriva Update for samba MDVSA-2011:148 (samba)
Mandriva Update for findutils MDVA-2010:161 (findutils)
Mandriva Update for gd MDVSA-2008:038 (gd)

Mandriva Update for mutt MDKSA-2007:113 (mutt)

Take action and discover your vulnerabilities