BID:2502

Mutt IMAP Server Message Format String Vulnerability

Info

Mutt IMAP Server Message Format String Vulnerability

Bugtraq ID:	2502
Class:	Input Validation Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 14 2001 12:00AM
Updated:	Mar 14 2001 12:00AM
Credit:	This vulnerability was announced to Bugtraq in a RedHat Security Advisory posted on March 14, 2001.
Vulnerable:	Mutt Mutt 1.0.1 + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + SuSE Linux 6.4 ppc + SuSE Linux 6.4 i386 + SuSE Linux 6.4 alpha Mutt Mutt 0.93.2 + Redhat Linux 5.2 sparc + Redhat Linux 5.2 i386 + Redhat Linux 5.2 alpha

Not Vulnerable:	Mutt Mutt 1.2.5 + Caldera OpenLinux 3.1 -IA64 + Caldera OpenLinux 2.3 + Caldera OpenLinux eBuilder 3.0 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + HP Secure OS software for Linux 1.0 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.0 J i386 + Redhat Linux 7.0 sparc + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + SCO eDesktop 2.4 + SCO eServer 2.3.1 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2

Discussion

Mutt IMAP Server Message Format String Vulnerability

mutt is a powerful email utility, actively maintained by the Mutt Development Team. mutt is a Mail User Agent that is both open source and freely available.

A problem with mutt may allow a remote user to execute arbitrary code through the MUA. This vulnerability is due to the handling of server messages returned to mutt clients by IMAP servers. Due to improper handling of input from IMAP servers, it is possible to execute a format string attack against mutt clients using an IMAP server.

Therefore, it is possible to remote execute commands on a mutt MUA with the privileges of the mutt user.

Exploit / POC

Mutt IMAP Server Message Format String Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Mutt IMAP Server Message Format String Vulnerability

Solution:
Upgrades available:

Mutt Mutt 0.93.2

Mutt Mutt 1.2.5
ftp://ftp.mutt.org/pub/mutt/mutt-1.2.5i.tar.gz

Red Hat 5.2 alpha mutt-1.2.5i-8.5.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mutt-1.2.5i-8.5.alpha.rpm

Red Hat 5.2 i386 mutt-1.2.5i-8.5.i386.rpm
ftp://updates.redhat.com/5.2/i386/mutt-1.2.5i-8.5.i386.rpm

Red Hat 5.2 sparc mutt-1.2.5i-8.5.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mutt-1.2.5i-8.5.sparc.rpm

Mutt Mutt 1.0.1

Conectiva 4.0 i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/mutt-1.2.5-6cl.i386.rpm

Conectiva 4.0es i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/mutt-1.2.5-6cl.i386.rpm

Conectiva 4.1 i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/mutt-1.2.5-6cl.i386.rpm

Conectiva 4.2 i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/mutt-1.2.5-6cl.i386.rpm

Conectiva 5.0 i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mutt-1.2.5-6cl.i386.rpm

Conectiva 5.1 i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mutt-1.2.5-6cl.i386.rpm

Conectiva ecommerce i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mutt-1. 2.5-6cl.i386.rpm

Conectiva graficas i386 mutt-1.2.5-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mutt-1.2 .5-6cl.i386.rpm

Mutt Mutt 1.2.5
ftp://ftp.mutt.org/pub/mutt/mutt-1.2.5i.tar.gz

Red Hat 6.2 alpha mutt-1.2.5i-8.6.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mutt-1.2.5i-8.6.alpha.rpm

Red Hat 6.2 i386 mutt-1.2.5i-8.6.i386.rpm
ftp://updates.redhat.com/6.2/i386/mutt-1.2.5i-8.6.i386.rpm

Red Hat 6.2 sparc mutt-1.2.5i-8.6.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mutt-1.2.5i-8.6.sparc.rpm

References

Mutt IMAP Server Message Format String Vulnerability

References: