• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor Buffer Overflow in MIME-aware Mail and News Clients Vulnerability

Solution:
Patches and upgrades exist for most of the popular packages which were affected by this problem. CERT advisory CA-98.10.mime_buffer_overflows details individual vendor responses to the problem. In addition, it gives references to a number of solutions that allow for the eilimination of externally originating mail attempting to exploit this vulnerability by utilizing filtering at the SMTP server. These solutions, however, should not be considered a solution, but rather a temporary measure until all possibly affected systems can be patched.

Mutt versions up to and including 0.93.1(i) are vulnerable. The bug has been fixed as of mutt 0.93.2(i). A patch was distributed on Usenet on July 29, 1998.
Users of older versions should upgrade as soon as possible. Mutt 0.93.2(i) is available from ftp://ftp.guug.de/pub/mutt/