[lug] exploitable mutt bug; mutt-1.2.5.1 and mutt-1.3.25 released.
Neal McBurnett
neal at bcn.boulder.co.us
Mon Jan 7 15:50:34 MST 2002
There is an exploitable buffer-overflow bug in the "mutt" email client
which has been fixed in both a new stable version and a new beta
version. I haven't seen a new Redhat RPM yet.
I haven't heard of an exploit in the wild yet.
I don't know if an exploit would have to entice you into reading the
mail message, or or if just having mutt parse the message in order to
update your index could set it off. A brief look at the patch
indicates that it affects rfc822.c which makes me fear the latter.
I don't remember other email client vulnerabilities being discovered
in the Linux world offhand - have there been? And have they been
exploited?.
At any rate, it seems like an important thing to install the fix.
Neal McBurnett <neal at bcn.boulder.co.us>
http://bcn.boulder.co.us/~neal/
GPG/PGP signed and/or sealed mail encouraged. Keyid: 2C9EBA60
-------------- next part --------------
An embedded message was scrubbed...
From: Thomas Roessler <roessler at does-not-exist.org>
Subject: [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
Date: Tue, 1 Jan 2002 21:40:31 +0100
Size: 4029
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20020107/f34b0465/attachment.mht>
More information about the LUG
mailing list