Mutt CVE-2018-14354 Remote Code Injection Vulnerability

Bugtraq ID:	104925
Class:	Input Validation Error
CVE:	CVE-2018-14354
Remote:	Yes
Local:	No
Published:	Jul 16 2018 12:00AM
Updated:	Jul 16 2018 12:00AM
Credit:	Jeriko One
Vulnerable:	Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Mutt Mutt 1.5.23 Mutt Mutt 1.5.22 Mutt Mutt 1.5.20 Mutt Mutt 1.5.19 Mutt Mutt 1.5.18 Mutt Mutt 1.5.17 Mutt Mutt 1.5.15 Mutt Mutt 1.5.13 Mutt Mutt 1.5.12 Mutt Mutt 1.5.11 Mutt Mutt 1.5.10 Mutt Mutt 1.5.9 Mutt Mutt 1.5.6 Mutt Mutt 1.5.4 Mutt Mutt 1.5.3 Mutt Mutt 1.4.2 + Netwosix Netwosix Linux 1.0 Mutt Mutt 1.4.1 + Slackware Linux 9.1 + Slackware Linux 9.0 + Slackware Linux 8.1 + Trustix Secure Linux 2.0 Mutt Mutt 1.4 .0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Mandriva Linux Mandrake 9.0 + Netwosix Netwosix Linux 1.0 + OpenPKG OpenPKG 1.2 + OpenPKG OpenPKG 1.1 + OpenPKG OpenPKG Current + Redhat Linux 8.0 i686 + Redhat Linux 8.0 i386 + Redhat Linux 8.0 + SuSE Linux 8.1 Mutt Mutt 1.3.28 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Mandriva Linux Mandrake 8.2 ppc + Mandriva Linux Mandrake 8.2 Mutt Mutt 1.3.27 + SuSE Linux 8.0 i386 + SuSE Linux 8.0 Mutt Mutt 1.3.25 Mutt Mutt 1.3.24 Mutt Mutt 1.3.22 + SuSE Linux 7.3 sparc + SuSE Linux 7.3 ppc + SuSE Linux 7.3 i386 + SuSE Linux 7.3 Mutt Mutt 1.3.17 Mutt Mutt 1.3.16 + SuSE Linux 7.2 i386 + SuSE Linux 7.2 Mutt Mutt 1.3.12 + SuSE Linux 7.1 x86 + SuSE Linux 7.1 sparc + SuSE Linux 7.1 ppc + SuSE Linux 7.1 alpha Mutt Mutt 1.2.5 + Caldera OpenLinux 3.1 -IA64 + Caldera OpenLinux 2.3 + Caldera OpenLinux eBuilder 3.0 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + HP Secure OS software for Linux 1.0 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.0 J i386 + Redhat Linux 7.0 sparc + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + SCO eDesktop 2.4 + SCO eServer 2.3.1 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 Mutt Mutt 1.0.1 + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + SuSE Linux 6.4 ppc + SuSE Linux 6.4 i386 + SuSE Linux 6.4 alpha Mutt Mutt 1.5.9i Mutt Mutt 1.5.8 Mutt Mutt 1.5.7 Mutt Mutt 1.5.5i Mutt Mutt 1.5.5.1i Mutt Mutt 1.5.5 Mutt Mutt 1.5.21 Mutt Mutt 1.5.2 Mutt Mutt 1.5.16 Mutt Mutt 1.5.14 Mutt Mutt 1.5.1 Mutt Mutt 1.5 Mutt Mutt 1.4.2.3 Mutt Mutt 1.4.2.2 Mutt Mutt 1.4.2.1
Not Vulnerable:	Mutt Mutt 1.10.1

Mutt CVE-2018-14354 Remote Code Injection Vulnerability

Mutt is prone to an remote code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application.

Versions prior to Mutt 1.10.1 are vulnerable.

Mutt CVE-2018-14354 Remote Code Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.