ID CVE-2004-0078
Summary Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
References
Vulnerable Configurations
  • cpe:2.3:a:mutt:mutt:1.2.1
    cpe:2.3:a:mutt:mutt:1.2.1
  • cpe:2.3:a:mutt:mutt:1.2.5
    cpe:2.3:a:mutt:mutt:1.2.5
  • cpe:2.3:a:mutt:mutt:1.2.5.1
    cpe:2.3:a:mutt:mutt:1.2.5.1
  • cpe:2.3:a:mutt:mutt:1.2.5.4
    cpe:2.3:a:mutt:mutt:1.2.5.4
  • cpe:2.3:a:mutt:mutt:1.2.5.5
    cpe:2.3:a:mutt:mutt:1.2.5.5
  • cpe:2.3:a:mutt:mutt:1.2.5.12
    cpe:2.3:a:mutt:mutt:1.2.5.12
  • cpe:2.3:a:mutt:mutt:1.2.5.12_ol
    cpe:2.3:a:mutt:mutt:1.2.5.12_ol
  • cpe:2.3:a:mutt:mutt:1.3.12
    cpe:2.3:a:mutt:mutt:1.3.12
  • cpe:2.3:a:mutt:mutt:1.3.12.1
    cpe:2.3:a:mutt:mutt:1.3.12.1
  • cpe:2.3:a:mutt:mutt:1.3.16
    cpe:2.3:a:mutt:mutt:1.3.16
  • cpe:2.3:a:mutt:mutt:1.3.17
    cpe:2.3:a:mutt:mutt:1.3.17
  • cpe:2.3:a:mutt:mutt:1.3.22
    cpe:2.3:a:mutt:mutt:1.3.22
  • cpe:2.3:a:mutt:mutt:1.3.24
    cpe:2.3:a:mutt:mutt:1.3.24
  • cpe:2.3:a:mutt:mutt:1.3.25
    cpe:2.3:a:mutt:mutt:1.3.25
  • cpe:2.3:a:mutt:mutt:1.3.27
    cpe:2.3:a:mutt:mutt:1.3.27
  • cpe:2.3:a:mutt:mutt:1.3.28
    cpe:2.3:a:mutt:mutt:1.3.28
  • cpe:2.3:a:mutt:mutt:1.4.0
    cpe:2.3:a:mutt:mutt:1.4.0
  • cpe:2.3:a:mutt:mutt:1.4.1
    cpe:2.3:a:mutt:mutt:1.4.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_MUTT_142.NASL
    description The following package needs to be updated: ja-mutt
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12582
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12582
    title FreeBSD : Buffer overflow in Mutt 1.4 (122)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_67C052835D6211D880E30020ED76EF5A.NASL
    description Mutt 1.4 contains a buffer overflow that could be exploited with a specially formed message, causing Mutt to crash or possibly execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37471
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37471
    title FreeBSD : Buffer overflow in Mutt 1.4 (67c05283-5d62-11d8-80e3-0020ed76ef5a)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-043-01.NASL
    description Mutt is a text-based program for reading electronic mail. New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise. All sites using mutt should upgrade to the new mutt package.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 18772
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18772
    title Slackware 8.1 / 9.0 / 9.1 / current : mutt security update (SSA:2004-043-01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-010.NASL
    description A bug in mutt was reported by Neils Heinen that could allow a remote attacker to send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the user running mutt. The updated packages have been patched to correct the problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14110
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14110
    title Mandrake Linux Security Advisory : mutt (MDKSA-2004:010)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-050.NASL
    description New mutt packages that fix a remotely-triggerable crash in the menu drawing code are now available. Mutt is a text-mode mail user agent. A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0078 to this issue. It is recommended that all mutt users upgrade to these updated packages, which contain a backported security patch and are not vulnerable to this issue. Red Hat would like to thank Niels Heinen for reporting this issue. Note: mutt-1.2.5.1 in Red Hat Enterprise Linux 2.1 is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12461
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12461
    title RHEL 3 : mutt (RHSA-2004:050)
oval via4
  • accepted 2007-04-25T19:52:54.867-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
    family unix
    id oval:org.mitre.oval:def:811
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat Mutt BO in Index Menu
    version 33
  • accepted 2007-04-25T19:52:59.230-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
    family unix
    id oval:org.mitre.oval:def:838
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat Enterprise 3 Mutt BO in Index Menu
    version 35
redhat via4
advisories
  • rhsa
    id RHSA-2004:050
  • rhsa
    id RHSA-2004:051
refmap via4
bid 9641
bugtraq
  • 20040211 Mutt-1.4.2 fixes buffer overflow.
  • 20040215 LNSA-#2004-0001: mutt remote crash
  • 20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
caldera CSSA-2004-013.0
confirm http://bugs.debian.org/126336
mandrake MDKSA-2004:010
osvdb 3918
slackware SSA:2004-043
xf mutt-index-menu-bo(15134)
Last major update 17-10-2016 - 22:40
Published 03-03-2004 - 00:00
Last modified 09-10-2017 - 21:30
Back to Top