ID CVE-2007-2683
Summary Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
References
Vulnerable Configurations
  • cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:H/Au:S/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:06:34.083-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description " characters in the GECOS field, which triggers the overflow during alias expansion.
family unix
id oval:org.mitre.oval:def:10543
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "" characters in the GECOS field, which triggers the overflow during alias expansion.
version 30
redhat via4
advisories
bugzilla
id 241191
title CVE-2007-1558 fetchmail/mutt/evolution/...: APOP password disclosure vulnerability
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • comment mutt is earlier than 5:1.4.1-12.0.3.el4
      oval oval:com.redhat.rhsa:tst:20070386001
    • comment mutt is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060577002
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • comment mutt is earlier than 5:1.4.2.2-3.0.2.el5
      oval oval:com.redhat.rhsa:tst:20070386004
    • comment mutt is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070386005
rhsa
id RHSA-2007:0386
released 2007-06-04
severity Moderate
title RHSA-2007:0386: mutt security update (Moderate)
rpms
  • mutt-5:1.4.1-12.0.3.el4
  • mutt-5:1.4.1-5.el3
  • mutt-5:1.4.2.2-3.0.2.el5
  • mutt-debuginfo-5:1.4.1-12.0.3.el4
  • mutt-debuginfo-5:1.4.1-5.el3
  • mutt-debuginfo-5:1.4.2.2-3.0.2.el5
refmap via4
bid 24192
confirm
mandriva MDKSA-2007:113
misc http://dev.mutt.org/trac/ticket/2885
osvdb 34973
sectrack 1018066
secunia
  • 25408
  • 25515
  • 25529
  • 25546
  • 26415
trustix 2007-0024
xf mutt-gecos-bo(34441)
statements via4
contributor Joshua Bressers
lastmodified 2007-06-04
organization Red Hat
statement Updates for Red Hat Enterprise Linux are available from http://rhn.redhat.com/errata/RHSA-2007-0386.html
Last major update 11-10-2017 - 01:32
Published 15-05-2007 - 21:19
Last modified 11-10-2017 - 01:32
Back to Top