Oval Definition:oval:com.redhat.rhsa:def:20070386
Revision Date:2008-03-20Version:637
Title:RHSA-2007:0386: mutt security update (Moderate)
Description:Mutt is a text-mode mail user agent.

  • A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297)

  • A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

  • A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted "Real Name" which could execute arbitrary code if a victim uses Mutt and expands the attackers alias. (CVE-2007-2683)

    All users of mutt should upgrade to this updated package, which contains a backported patches to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2006-5297
    CVE-2007-1558
    CVE-2007-2683
    RHSA-2007:0386
    RHSA-2007:0386-02
    RHSA-2007:0386-02
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND mutt is earlier than 5:1.4.1-5.el3
  • AND mutt is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND mutt is earlier than 5:1.4.1-12.0.3.el4
  • AND mutt is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND mutt is earlier than 5:1.4.2.2-3.0.2.el5
  • AND mutt is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND mutt is earlier than 5:1.4.1-5.el3
  • AND mutt is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND mutt is earlier than 5:1.4.1-12.0.3.el4
  • AND mutt is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND mutt is earlier than 5:1.4.2.2-3.0.2.el5
  • AND mutt is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND mutt is earlier than 5:1.4.1-12.0.3.el4
  • AND mutt is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND mutt is earlier than 5:1.4.2.2-3.0.2.el5
  • AND mutt is signed with Red Hat redhatrelease2 key
    • BACK