• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mutt Menu Drawing Remote Buffer Overflow Vulnerability

Solution:
Red Hat has released advisory RHSA-2004:051-01 to address this issue.

Mandrake has released advisory MDKSA-2004:010 with fixes to address this issue.

Slackware has released an advisory (SSA:2004-043-01) that includes fixes to address this issue. Please see the attached avdisory for information on obtaining and applying fixes.

Trustix has released advisory 2004-0006 to address this issue.

Netwosix Linux has released an advisory (2004-0001) that includes fixes to address this issue.

OpenPKG has made an updated package available. Please see the attached advisory for more information.

SCO Linux has released advisory CSSA-2004-013.0 and a fix dealing with this issue.

Sun has released fixes dealing with this issues for their Cobalt series operating systems.

A fixed version has been made available:


Sun Cobalt Qube 3

• Sun Qube3-All-Security-4.0.1-16706.pkg
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16706.pkg

Sun Cobalt RaQ 4

• Sun RaQ4-All-Security-2.0.1-16706.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16706.pkg

Sun Cobalt RaQ XTR

• Sun RaQXTR-All-Security-1.0.1-16706.pkg
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16706.pkg

Mutt Mutt 1.2 -1

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.2.5 -1

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.2.5

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz


• SCO mutt-1.2.5-13.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-013.0/R PMS/mutt-1.2.5-13.i386.rpm


• SCO mutt-1.2.5-13.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-01 3.0/RPMS/mutt-1.2.5-13.i386.rpm

Mutt Mutt 1.2.5 -4

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.2.5 -5

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.2.5 -12

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.2.5 -12OL

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.2.5 .1

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.12 -1

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.12

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.16

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.17

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.22

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.24

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.25

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.27

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.3.28

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz

Mutt Mutt 1.4 .0

• MandrakeSoft mutt-1.4.1i-1.2.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft mutt-1.4.1i-1.2.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft mutt-1.4.1i-1.2.C21mdk.i586.rpm
  Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft mutt-1.4.1i-1.2.C21mdk.x86_64.rpm
  Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft mutt-1.4.1i-3.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft mutt-1.4.1i-3.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz


• Netwosix mutt-1.4.2.1i.tar.gz
  http://download.netwosix.org/0001/mutt-1.4.2.1i.tar.gz

Mutt Mutt 1.4.1

• Mutt mutt-1.4.2i.tar.gz
  ftp://ftp.mutt.org/pub/mutt/mutt-1.4.2i.tar.gz


• OpenPKG mutt-1.4.1i-1.3.2.src.rpm
  ftp://ftp.openpkg.org/release/1.3/UPD/mutt-1.4.1i-1.3.2.src.rpm


• Slackware mutt-1.4.2i-i386-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/m utt-1.4.2i-i386-1.tgz


• Slackware mutt-1.4.2i-i386-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/m utt-1.4.2i-i386-1.tgz


• Slackware mutt-1.4.2i-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m utt-1.4.2i-i486-1.tgz


• Slackware mutt-1.4.2i-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mu tt-1.4.2i-i486-1.tgz


• Trustix mutt-1.4.2-1tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/2.0/rpms/mutt-1.4.2-1tr.i586 .rpm