ID CVE-2018-14362
Summary An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux 6
    cpe:2.3:o:redhat:enterprise_linux:6
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • Red Hat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Mutt 1.5
    cpe:2.3:a:mutt:mutt:1.5
  • Mutt 1.5.1
    cpe:2.3:a:mutt:mutt:1.5.1
  • Mutt 1.5.2
    cpe:2.3:a:mutt:mutt:1.5.2
  • Mutt 1.5.3
    cpe:2.3:a:mutt:mutt:1.5.3
  • Mutt 1.5.4
    cpe:2.3:a:mutt:mutt:1.5.4
  • Mutt 1.5.5
    cpe:2.3:a:mutt:mutt:1.5.5
  • Mutt 1.5.6
    cpe:2.3:a:mutt:mutt:1.5.6
  • Mutt 1.5.7
    cpe:2.3:a:mutt:mutt:1.5.7
  • Mutt 1.5.8
    cpe:2.3:a:mutt:mutt:1.5.8
  • Mutt 1.5.9
    cpe:2.3:a:mutt:mutt:1.5.9
  • Mutt 1.5.10
    cpe:2.3:a:mutt:mutt:1.5.10
  • Mutt 1.5.11
    cpe:2.3:a:mutt:mutt:1.5.11
  • Mutt 1.5.12
    cpe:2.3:a:mutt:mutt:1.5.12
  • Mutt 1.5.13
    cpe:2.3:a:mutt:mutt:1.5.13
  • Mutt 1.5.14
    cpe:2.3:a:mutt:mutt:1.5.14
  • Mutt 1.5.15
    cpe:2.3:a:mutt:mutt:1.5.15
  • Mutt 1.5.16
    cpe:2.3:a:mutt:mutt:1.5.16
  • Mutt 1.5.17
    cpe:2.3:a:mutt:mutt:1.5.17
  • Mutt 1.5.18
    cpe:2.3:a:mutt:mutt:1.5.18
  • Mutt 1.5.19
    cpe:2.3:a:mutt:mutt:1.5.19
  • Mutt 1.5.20
    cpe:2.3:a:mutt:mutt:1.5.20
  • Mutt 1.5.21
    cpe:2.3:a:mutt:mutt:1.5.21
  • Mutt 1.5.22
    cpe:2.3:a:mutt:mutt:1.5.22
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2526.NASL
    description An update for mutt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es) : * mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) * mutt: Remote Code Execution via backquote characters (CVE-2018-14357) * mutt: POP body caching path traversal vulnerability (CVE-2018-14362) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 112022
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112022
    title CentOS 6 / 7 : mutt (CESA-2018:2526)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1304.NASL
    description According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) - mutt: Remote Code Execution via backquote characters (CVE-2018-14357) - mutt: POP body caching path traversal vulnerability (CVE-2018-14362) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117747
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117747
    title EulerOS 2.0 SP2 : mutt (EulerOS-SA-2018-1304)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3719-1.NASL
    description It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353, CVE-2018-14357) It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111268
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111268
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : mutt vulnerabilities (USN-3719-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180821_MUTT_ON_SL6_X.NASL
    description Security Fix(es) : - mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) - mutt: Remote Code Execution via backquote characters (CVE-2018-14357) - mutt: POP body caching path traversal vulnerability (CVE-2018-14362)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 112053
    published 2018-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112053
    title Scientific Linux Security Update : mutt on SL6.x, SL7.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3719-3.NASL
    description USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original advisory details : It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353, CVE-2018-14357) It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 117825
    published 2018-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117825
    title Ubuntu 16.04 LTS : mutt vulnerabilities (USN-3719-3)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2526.NASL
    description From Red Hat Security Advisory 2018:2526 : An update for mutt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es) : * mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) * mutt: Remote Code Execution via backquote characters (CVE-2018-14357) * mutt: POP body caching path traversal vulnerability (CVE-2018-14362) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-09-13
    plugin id 112025
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112025
    title Oracle Linux 6 / 7 : mutt (ELSA-2018-2526)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1077.NASL
    description An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. (CVE-2018-14362) An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. (CVE-2018-14354) An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. (CVE-2018-14357)
    last seen 2019-02-21
    modified 2018-09-19
    plugin id 117591
    published 2018-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117591
    title Amazon Linux 2 : mutt (ALAS-2018-1077)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1305.NASL
    description According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) - mutt: Remote Code Execution via backquote characters (CVE-2018-14357) - mutt: POP body caching path traversal vulnerability (CVE-2018-14362) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117748
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117748
    title EulerOS 2.0 SP3 : mutt (EulerOS-SA-2018-1305)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-F1438C5833.NASL
    description Upgrade to 1.10.1 Security fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356, CVE-2018-14359, CVE-2018-14354, CVE-2018-14355, CVE-2018-14362, CVE-2018-14357, CVE-2018-14350, CVE-2018-14349, CVE-2018-14351 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120894
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120894
    title Fedora 28 : 5:mutt (2018-f1438c5833)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-502E31A658.NASL
    description Security fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356, CVE-2018-14359, CVE-2018-14354, CVE-2018-14355, CVE-2018-14362, CVE-2018-14357, CVE-2018-14350, CVE-2018-14349, CVE-2018-14351 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-13
    plugin id 111470
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111470
    title Fedora 27 : 5:mutt (2018-502e31a658)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_FE12EF838B4711E896CC001A4A7EC6BE.NASL
    description NeoMutt report : Description : CVE-2018-14349 - NO Response Heap Overflow CVE-2018-14350 - INTERNALDATE Stack Overflow CVE-2018-14351 - STATUS Literal Length relative write CVE-2018-14352 - imap_quote_string off-by-one stack overflow CVE-2018-14353 - imap_quote_string int underflow CVE-2018-14354 - imap_subscribe Remote Code Execution CVE-2018-14355 - STATUS mailbox header cache directory traversal CVE-2018-14356 - POP empty UID NULL deref CVE-2018-14357 - LSUB Remote Code Execution CVE-2018-14358 - RFC822.SIZE Stack Overflow CVE-2018-14359 - base64 decode Stack Overflow CVE-2018-14360 - NNTP Group Stack Overflow CVE-2018-14361 - NNTP Write 1 where via GROUP response CVE-2018-14362 - POP Message Cache Directory Traversal CVE-2018-14363 - NNTP Header Cache Directory Traversal
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111181
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111181
    title FreeBSD : mutt/neomutt -- multiple vulnerabilities (fe12ef83-8b47-11e8-96cc-001a4a7ec6be)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-52.NASL
    description This update for mutt fixes the following issues : Security issues fixed : - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properly restrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes : - mutt reports as neomutt and incorrect version (bsc#1094717) - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830) - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129) - (neo)mutt displaying times in Zulu time (bsc#1061343) - mutt unconditionally segfaults when displaying a message (bsc#986534) - For openSUSE Leap 42.3, retain split of -lang and -doc (boo#1120935) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 121281
    published 2019-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121281
    title openSUSE Security Update : mutt (openSUSE-2019-52)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201810-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201810-07 (Mutt, NeoMutt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mutt, and NeoMutt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted mail message or connect to malicious mail server using Mutt or NeoMutt, possibly resulting in execution of arbitrary code or directory traversal with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-10-31
    plugin id 118507
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118507
    title GLSA-201810-07 : Mutt, NeoMutt: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A2F350818A0211E88FA54437E6AD11C4.NASL
    description Kevin J. McCarthy reports : Fixes a remote code injection vulnerability when 'subscribing' to an IMAP mailbox, either via $imap_check_subscribed, or via the function in the browser menu. Mutt was generating a 'mailboxes' command and sending that along to the muttrc parser. However, it was not escaping '`', which executes code and inserts the result. This would allow a malicious IMAP server to execute arbitrary code (for $imap_check_subscribed). Fixes POP body caching path traversal vulnerability. Fixes IMAP header caching path traversal vulnerability. CVE-2018-14349 - NO Response Heap Overflow CVE-2018-14350 - INTERNALDATE Stack Overflow CVE-2018-14351 - STATUS Literal Length relative write CVE-2018-14352 - imap_quote_string off-by-one stack overflow CVE-2018-14353 - imap_quote_string int underflow CVE-2018-14354 - imap_subscribe Remote Code Execution CVE-2018-14355 - STATUS mailbox header cache directory traversal CVE-2018-14356 - POP empty UID NULL deref CVE-2018-14357 - LSUB Remote Code Execution CVE-2018-14358 - RFC822.SIZE Stack Overflow CVE-2018-14359 - base64 decode Stack Overflow CVE-2018-14362 - POP Message Cache Directory Traversal
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111179
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111179
    title FreeBSD : mutt -- remote code injection and path traversal vulnerability (a2f35081-8a02-11e8-8fa5-4437e6ad11c4)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2085-1.NASL
    description This update for mutt fixes the following issues: Security issues fixed : - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properly restrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes : - mutt reports as neomutt and incorrect version (bsc#1094717) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120066
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120066
    title SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2018:2085-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2526.NASL
    description An update for mutt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es) : * mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) * mutt: Remote Code Execution via backquote characters (CVE-2018-14357) * mutt: POP body caching path traversal vulnerability (CVE-2018-14362) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111994
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111994
    title RHEL 6 / 7 : mutt (RHSA-2018:2526)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-809.NASL
    description This update for mutt fixes the following issues : Security issues fixed : - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properly restrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes : - mutt reports as neomutt and incorrect version (bsc#1094717) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-09-13
    plugin id 111571
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111571
    title openSUSE Security Update : mutt (openSUSE-2018-809)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2403-1.NASL
    description This update for mutt fixes the following issues: Security issues fixed : - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field (bsc#1101571). Bug fixes : - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112011
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112011
    title SUSE SLES11 Security Update : mutt (SUSE-SU-2018:2403-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4277.NASL
    description Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of service or information disclosure when connecting to a malicious mail/NNTP server.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111986
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111986
    title Debian DSA-4277-1 : mutt - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2084-1.NASL
    description This update for mutt fixes the following issues: Security issues fixed : - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properly restrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes : - mutt reports as neomutt and incorrect version (bsc#1094717) - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830) - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129) - (neo)mutt displaying times in Zulu time (bsc#1061343) - mutt unconditionally segfaults when displaying a message (bsc#986534) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111435
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111435
    title SUSE SLED12 / SLES12 Security Update : mutt (SUSE-SU-2018:2084-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1455.NASL
    description Several vulnerabilities have been discovered in mutt, a sophisticated text-based Mail User Agent, resulting in denial of service, stack-based buffer overflow, arbitrary command execution, and directory traversal flaws. For Debian 8 'Jessie', these problems have been fixed in version 1.5.23-3+deb8u1. We recommend that you upgrade your mutt packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-13
    plugin id 111519
    published 2018-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111519
    title Debian DLA-1455-1 : mutt security update
redhat via4
advisories
bugzilla
id 1602915
title CVE-2018-14357 mutt: Remote Code Execution via backquote characters
oval
OR
  • AND
    • comment mutt is earlier than 5:1.5.21-28.el7_5
      oval oval:com.redhat.rhsa:tst:20182526005
    • comment mutt is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20110959006
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
  • AND
    • comment mutt is earlier than 5:1.5.20-9.20091214hg736b6a.el6
      oval oval:com.redhat.rhsa:tst:20182526011
    • comment mutt is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20110959006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
rhsa
id RHSA-2018:2526
released 2018-08-20
severity Important
title RHSA-2018:2526: mutt security update (Important)
rpms
  • mutt-5:1.5.21-28.el7_5
  • mutt-5:1.5.20-9.20091214hg736b6a.el6
refmap via4
debian DSA-4277
gentoo GLSA-201810-07
misc
mlist [debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update
ubuntu USN-3719-3
Last major update 17-07-2018 - 13:29
Published 17-07-2018 - 13:29
Last modified 08-03-2019 - 08:38