ID CVE-2007-2683
Summary Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
References
Vulnerable Configurations
  • cpe:2.3:a:mutt:mutt:1.4.2
CVSS
Base: 3.5 (as of 17-05-2007 - 07:31)
Impact:
Exploitability:
Access
Vector: LOCAL
Complexity: HIGH
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description Mutt. CVE-2007-2683. Local exploit for linux platform
id EDB-ID:30093
last seen 2016-02-03
modified 2007-05-28
published 2007-05-28
reporter raylai
source https://www.exploit-db.com/download/30093/
title Mutt 1.4.2 Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0002.NASL
    description This update fixes two security issues : The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558) Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via '&' characters in the GECOS field, which triggers the overflow during alias expansion. (CVE-2007-2683) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 62264
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62264
    title Fedora 7 : mutt-1.5.14-4.fc7 (2007-0002)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0386.NASL
    description From Red Hat Security Advisory 2007:0386 : An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted 'Real Name' which could execute arbitrary code if a victim uses Mutt and expands the attacker's alias. (CVE-2007-2683) All users of mutt should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67505
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67505
    title Oracle Linux 3 / 4 / 5 : mutt (ELSA-2007-0386)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070604_MUTT_ON_SL5_X.NASL
    description A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted 'Real Name' which could execute arbitrary code if a victim uses Mutt and expands the attacker's alias. (CVE-2007-2683)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60195
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60195
    title Scientific Linux Security Update : mutt on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_863F95D33DF111DCB3D30016179B2DD5.NASL
    description Securityfocus reports : Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. An attacker can exploit this issue to execute arbitrary code with the privileges of the victim. Failed exploit attempts will result in a denial of service.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 25804
    published 2007-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25804
    title FreeBSD : mutt -- buffer overflow vulnerability (863f95d3-3df1-11dc-b3d3-0016179b2dd5)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-113.NASL
    description A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials (CVE-2007-1558). A flaw in how mutt handled certain characters in gecos fields could lead to a buffer overflow. A local user able to give themselves a carefully crafted Real Name could potentially execute arbitrary code if a victim used mutt to expand the attacker's alias (CVE-2007-2683). Updated packages have been patched to address these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25431
    published 2007-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25431
    title Mandrake Linux Security Advisory : mutt (MDKSA-2007:113)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0386.NASL
    description An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted 'Real Name' which could execute arbitrary code if a victim uses Mutt and expands the attacker's alias. (CVE-2007-2683) All users of mutt should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25404
    published 2007-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25404
    title RHEL 3 / 4 / 5 : mutt (RHSA-2007:0386)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0386.NASL
    description An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted 'Real Name' which could execute arbitrary code if a victim uses Mutt and expands the attacker's alias. (CVE-2007-2683) All users of mutt should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25403
    published 2007-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25403
    title CentOS 3 / 4 / 5 : mutt (CESA-2007:0386)
oval via4
accepted 2013-04-29T04:06:34.083-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
family unix
id oval:org.mitre.oval:def:10543
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
version 24
redhat via4
advisories
bugzilla
id 241191
title CVE-2007-1558 fetchmail/mutt/evolution/...: APOP password disclosure vulnerability
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • comment mutt is earlier than 5:1.4.1-5.el3
      oval oval:com.redhat.rhsa:tst:20070386002
    • comment mutt is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070386003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • comment mutt is earlier than 5:1.4.1-12.0.3.el4
      oval oval:com.redhat.rhsa:tst:20070386005
    • comment mutt is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070386003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment mutt is earlier than 5:1.4.2.2-3.0.2.el5
      oval oval:com.redhat.rhsa:tst:20070386007
    • comment mutt is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070386008
rhsa
id RHSA-2007:0386
released 2007-06-04
severity Moderate
title RHSA-2007:0386: mutt security update (Moderate)
rpms
  • mutt-5:1.4.1-5.el3
  • mutt-5:1.4.1-12.0.3.el4
  • mutt-5:1.4.2.2-3.0.2.el5
refmap via4
bid 24192
confirm
mandriva MDKSA-2007:113
misc http://dev.mutt.org/trac/ticket/2885
osvdb 34973
sectrack 1018066
secunia
  • 25408
  • 25515
  • 25529
  • 25546
  • 26415
trustix 2007-0024
xf mutt-gecos-bo(34441)
statements via4
contributor Joshua Bressers
lastmodified 2007-06-04
organization Red Hat
statement Updates for Red Hat Enterprise Linux are available from http://rhn.redhat.com/errata/RHSA-2007-0386.html
Last major update 05-11-2012 - 22:39
Published 15-05-2007 - 17:19
Last modified 10-10-2017 - 21:32