CVE-2004-0078

Current Description

Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.

Basic Data

Published: March 03, 2004
Last Modified: October 10, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
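    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mutt | Mutt | 1.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.2.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.2.5.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.2.5.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.2.5.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.2.5.12_ol | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.12.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.16 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.17 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.22 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.24 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.25 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.27 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.3.28 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.4.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mutt | Mutt | 1.4.1 | * | * | * | * | * | * | * | | | |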

Vulnerable Software List

Vendor | Product | Versions
Mutt | Mutt | 1.2.1, 1.2.5, 1.2.5.1, 1.2.5.12, 1.2.5.12_ol, 1.2.5.4, 1.2.5.5, 1.3.12, 1.3.12.1, 1.3.16, 1.3.17, 1.3.22, 1.3.24, 1.3.25, 1.3.27, 1.3.28, 1.4.0, 1.4.1

References

Name | URL | Source | Tags
CSSA-2004-013.0 | ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt | CALDERA |
http://bugs.debian.org/126336 | http://bugs.debian.org/126336 | CONFIRM |
20040211 Mutt-1.4.2 fixes buffer overflow. | http://marc.info/?l=bugtraq&m=107651677817933&w=2 | BUGTRAQ |
20040215 LNSA-#2004-0001: mutt remote crash | http://marc.info/?l=bugtraq&m=107696262905039&w=2 | BUGTRAQ |
20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt) | http://marc.info/?l=bugtraq&m=107884956930903&w=2 | BUGTRAQ |
MDKSA-2004:010 | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010 | MANDRAKE |
3918 | http://www.osvdb.org/3918 | OSVDB |
RHSA-2004:050 | http://www.redhat.com/support/errata/RHSA-2004-050.html | REDHAT | PATCH, Vendor Advisory
RHSA-2004:051 | http://www.redhat.com/support/errata/RHSA-2004-051.html | REDHAT | PATCH, Vendor Advisory
9641 | http://www.securityfocus.com/bid/9641 | BID | PATCH, Vendor Advisory
SSA:2004-043 | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053 | SLACKWARE |
mutt-index-menu-bo(15134) | https://exchange.xforce.ibmcloud.com/vulnerabilities/15134 | XF |
oval:org.mitre.oval:def:811 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811 | OVAL |
oval:org.mitre.oval:def:838 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838 | OVAL |