Vulnerability Name:

CVE-2004-0078 (CCN-15134)

Assigned: 2004-02-11
Published: 2004-02-11
Updated: 2017-10-10
Summary: Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CALDERA
Type: UNKNOWN
CSSA-2004-013.0

Source: CCN
Type: BugTraq Mailing List, Wed Feb 11 2004 - 08:21:14 CST
Mutt-1.4.2 fixes buffer overflow.

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/126336

Source: CCN
Type: Bugzilla Red Hat Bug #: 114452
CAN-2004-0078 Mutt can be remotely crashed

Source: MITRE
Type: CNA
CVE-2004-0078

Source: BUGTRAQ
Type: UNKNOWN
20040211 Mutt-1.4.2 fixes buffer overflow.

Source: BUGTRAQ
Type: UNKNOWN
20040215 LNSA-#2004-0001: mutt remote crash

Source: BUGTRAQ
Type: UNKNOWN
20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)

Source: CCN
Type: RHSA-2004-050
mutt security update

Source: CCN
Type: RHSA-2004-051
Updated mutt packages fix remotely-triggerable crash

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0006
mutt

Source: CCN
Type: SCO Security Advisory CSSA-2004-013.0
OpenLinux: mutt remote buffer overflow

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:010

Source: CCN
Type: Mutt Web site
The Mutt E-Mail Client

Source: CCN
Type: OpenPKG-SA-2004.005
Mutt

Source: OSVDB
Type: UNKNOWN
3918

Source: CCN
Type: OSVDB ID: 3918
Mutt menu.c menu_pad_string Function Index Menu Code Remote Overflow DoS

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:050

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:051

Source: BID
Type: Patch, Vendor Advisory
9641

Source: CCN
Type: BID-9641
Mutt Menu Drawing Remote Buffer Overflow Vulnerability

Source: SLACKWARE
Type: UNKNOWN
SSA:2004-043

Source: CCN
Type: slackware-security Mailing List, Thu, 12 Feb 2004 12:19:00 -0800 (PST)
mutt security update (SSA:2004-043-01)

Source: XF
Type: UNKNOWN
mutt-index-menu-bo(15134)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:811

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:838

Vulnerable Configuration: Configuration 1:
  • cpe:/a:mutt:mutt:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:mutt:mutt:1.4.1:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20040078 | V | CVE-2004-0078 | 2015-11-16
    oval:org.mitre.oval:def:10648 | V | Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. | 2013-04-29
    oval:org.mitre.oval:def:811 | V | Red Hat Mutt BO in Index Menu | 2007-04-25
    oval:org.mitre.oval:def:838 | V | Red Hat Enterprise 3 Mutt BO in Index Menu | 2007-04-25
    oval:com.redhat.rhsa:def:20040050 | P | RHSA-2004:050: mutt security update (Important) | 2004-02-11
    mutt mutt 1.2.1
    mutt mutt 1.2.5
    mutt mutt 1.2.5.1
    mutt mutt 1.2.5.4
    mutt mutt 1.2.5.5
    mutt mutt 1.2.5.12
    mutt mutt 1.2.5.12_ol
    mutt mutt 1.3.12
    mutt mutt 1.3.12.1
    mutt mutt 1.3.16
    mutt mutt 1.3.17
    mutt mutt 1.3.22
    mutt mutt 1.3.24
    mutt mutt 1.3.25
    mutt mutt 1.3.27
    mutt mutt 1.3.28
    mutt mutt 1.4.0
    mutt mutt 1.4.1