Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2007.0379 -- [UNIX/Linux][RedHat] Moderate: mutt security update 5 June 2007 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mutt Publisher: Red Hat Operating System: Red Hat Enterprise Linux 3, 4 and 5 UNIX variants (UNIX, Linux, OSX) Impact: Access Privileged Data Execute Arbitrary Code/Commands Read-only Data Access Access: Remote/Unauthenticated CVE Names: CVE-2007-2683 CVE-2007-1558 CVE-2006-5297 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0386.html Comment: Note that execution of arbitrary code is only possible if the attacker controls a local account. The separate APOP authentication issue is exploitable remotely via a man-in-the-middle attack. This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running Mutt check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: mutt security update Advisory ID: RHSA-2007:0386-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0386.html Issue date: 2007-06-04 Updated on: 2007-06-04 Product: Red Hat Enterprise Linux Keywords: O_EXCL NFS /tmp race APOP gecos buffer overflow CVE Names: CVE-2006-5297 CVE-2007-1558 CVE-2007-2683 - - --------------------------------------------------------------------- 1. Summary: An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted "Real Name" which could execute arbitrary code if a victim uses Mutt and expands the attackers alias. (CVE-2007-2683) All users of mutt should upgrade to this updated package, which contains a backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 211085 - CVE-2006-5297 Multiple mutt tempfile race conditions 239890 - CVE-2007-2683 Buffer overflow in mutt's gecos structure handling 241191 - CVE-2007-1558 fetchmail, mutt: APOP vulnerability 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mutt-1.4.1-5.el3.src.rpm 8384ce3449be51139647256577f84079 mutt-1.4.1-5.el3.src.rpm i386: 2491e70c876b4261c801f5d8f08bb392 mutt-1.4.1-5.el3.i386.rpm 1557e00f1cd38f8d24cc707363793ea3 mutt-debuginfo-1.4.1-5.el3.i386.rpm ia64: c62127857df26687f905249b271b27d6 mutt-1.4.1-5.el3.ia64.rpm ff52f817fd6db94baf417635d76ca993 mutt-debuginfo-1.4.1-5.el3.ia64.rpm ppc: 57497e15115caf7d52e7d91ac3e2f554 mutt-1.4.1-5.el3.ppc.rpm 5a828897f38f449d14dc81df2cc3d030 mutt-debuginfo-1.4.1-5.el3.ppc.rpm s390: 84e28ce45290142edb5c79c8673a94ee mutt-1.4.1-5.el3.s390.rpm 321a9791a147132da1b6e775f11b6157 mutt-debuginfo-1.4.1-5.el3.s390.rpm s390x: ae6de5d72918b2e786cc8b716ee394e2 mutt-1.4.1-5.el3.s390x.rpm 985bd21c814921bd775a698210f88a97 mutt-debuginfo-1.4.1-5.el3.s390x.rpm x86_64: 0abea22f29179dd610cf494a5fd6323a mutt-1.4.1-5.el3.x86_64.rpm 65304e5afd0ae6cfaa6bf9aa25a54b89 mutt-debuginfo-1.4.1-5.el3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mutt-1.4.1-5.el3.src.rpm 8384ce3449be51139647256577f84079 mutt-1.4.1-5.el3.src.rpm i386: 2491e70c876b4261c801f5d8f08bb392 mutt-1.4.1-5.el3.i386.rpm 1557e00f1cd38f8d24cc707363793ea3 mutt-debuginfo-1.4.1-5.el3.i386.rpm x86_64: 0abea22f29179dd610cf494a5fd6323a mutt-1.4.1-5.el3.x86_64.rpm 65304e5afd0ae6cfaa6bf9aa25a54b89 mutt-debuginfo-1.4.1-5.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mutt-1.4.1-5.el3.src.rpm 8384ce3449be51139647256577f84079 mutt-1.4.1-5.el3.src.rpm i386: 2491e70c876b4261c801f5d8f08bb392 mutt-1.4.1-5.el3.i386.rpm 1557e00f1cd38f8d24cc707363793ea3 mutt-debuginfo-1.4.1-5.el3.i386.rpm ia64: c62127857df26687f905249b271b27d6 mutt-1.4.1-5.el3.ia64.rpm ff52f817fd6db94baf417635d76ca993 mutt-debuginfo-1.4.1-5.el3.ia64.rpm x86_64: 0abea22f29179dd610cf494a5fd6323a mutt-1.4.1-5.el3.x86_64.rpm 65304e5afd0ae6cfaa6bf9aa25a54b89 mutt-debuginfo-1.4.1-5.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mutt-1.4.1-5.el3.src.rpm 8384ce3449be51139647256577f84079 mutt-1.4.1-5.el3.src.rpm i386: 2491e70c876b4261c801f5d8f08bb392 mutt-1.4.1-5.el3.i386.rpm 1557e00f1cd38f8d24cc707363793ea3 mutt-debuginfo-1.4.1-5.el3.i386.rpm ia64: c62127857df26687f905249b271b27d6 mutt-1.4.1-5.el3.ia64.rpm ff52f817fd6db94baf417635d76ca993 mutt-debuginfo-1.4.1-5.el3.ia64.rpm x86_64: 0abea22f29179dd610cf494a5fd6323a mutt-1.4.1-5.el3.x86_64.rpm 65304e5afd0ae6cfaa6bf9aa25a54b89 mutt-debuginfo-1.4.1-5.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mutt-1.4.1-12.0.3.el4.src.rpm 8b5b2979f71429bc79633117cbfea087 mutt-1.4.1-12.0.3.el4.src.rpm i386: f5e48dd55303f02b11e0ad769e089f9a mutt-1.4.1-12.0.3.el4.i386.rpm 81ececf788ad69d6039a988e2392f5a9 mutt-debuginfo-1.4.1-12.0.3.el4.i386.rpm ia64: b68fe87f13d4d4349c2fe1227633d96c mutt-1.4.1-12.0.3.el4.ia64.rpm 717faa7fc078ca31defa0a4c5b80e6ae mutt-debuginfo-1.4.1-12.0.3.el4.ia64.rpm ppc: 483f45a70c44269805327a0b388627a8 mutt-1.4.1-12.0.3.el4.ppc.rpm 7cc5ea2c5d775e4d5395ba7f2ea20889 mutt-debuginfo-1.4.1-12.0.3.el4.ppc.rpm s390: 4ea9d9bca972ee5bde1a032438390f9d mutt-1.4.1-12.0.3.el4.s390.rpm 874c2ea45149778945a88187275192d8 mutt-debuginfo-1.4.1-12.0.3.el4.s390.rpm s390x: f9ac874d0337bad04384342c1a97e3ba mutt-1.4.1-12.0.3.el4.s390x.rpm b29931e0f331e68d1a3c233650cfefca mutt-debuginfo-1.4.1-12.0.3.el4.s390x.rpm x86_64: eb57c8f98d7efd4bed436348b3ab0d1d mutt-1.4.1-12.0.3.el4.x86_64.rpm ee4049d6821d5595ee6487f5b72e72f0 mutt-debuginfo-1.4.1-12.0.3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mutt-1.4.1-12.0.3.el4.src.rpm 8b5b2979f71429bc79633117cbfea087 mutt-1.4.1-12.0.3.el4.src.rpm i386: f5e48dd55303f02b11e0ad769e089f9a mutt-1.4.1-12.0.3.el4.i386.rpm 81ececf788ad69d6039a988e2392f5a9 mutt-debuginfo-1.4.1-12.0.3.el4.i386.rpm x86_64: eb57c8f98d7efd4bed436348b3ab0d1d mutt-1.4.1-12.0.3.el4.x86_64.rpm ee4049d6821d5595ee6487f5b72e72f0 mutt-debuginfo-1.4.1-12.0.3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mutt-1.4.1-12.0.3.el4.src.rpm 8b5b2979f71429bc79633117cbfea087 mutt-1.4.1-12.0.3.el4.src.rpm i386: f5e48dd55303f02b11e0ad769e089f9a mutt-1.4.1-12.0.3.el4.i386.rpm 81ececf788ad69d6039a988e2392f5a9 mutt-debuginfo-1.4.1-12.0.3.el4.i386.rpm ia64: b68fe87f13d4d4349c2fe1227633d96c mutt-1.4.1-12.0.3.el4.ia64.rpm 717faa7fc078ca31defa0a4c5b80e6ae mutt-debuginfo-1.4.1-12.0.3.el4.ia64.rpm x86_64: eb57c8f98d7efd4bed436348b3ab0d1d mutt-1.4.1-12.0.3.el4.x86_64.rpm ee4049d6821d5595ee6487f5b72e72f0 mutt-debuginfo-1.4.1-12.0.3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mutt-1.4.1-12.0.3.el4.src.rpm 8b5b2979f71429bc79633117cbfea087 mutt-1.4.1-12.0.3.el4.src.rpm i386: f5e48dd55303f02b11e0ad769e089f9a mutt-1.4.1-12.0.3.el4.i386.rpm 81ececf788ad69d6039a988e2392f5a9 mutt-debuginfo-1.4.1-12.0.3.el4.i386.rpm ia64: b68fe87f13d4d4349c2fe1227633d96c mutt-1.4.1-12.0.3.el4.ia64.rpm 717faa7fc078ca31defa0a4c5b80e6ae mutt-debuginfo-1.4.1-12.0.3.el4.ia64.rpm x86_64: eb57c8f98d7efd4bed436348b3ab0d1d mutt-1.4.1-12.0.3.el4.x86_64.rpm ee4049d6821d5595ee6487f5b72e72f0 mutt-debuginfo-1.4.1-12.0.3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mutt-1.4.2.2-3.0.2.el5.src.rpm c7d486555a31e762e5c79f7691ba7f19 mutt-1.4.2.2-3.0.2.el5.src.rpm i386: 1a6a3d9926ff827a50d7fefd3ab005a6 mutt-1.4.2.2-3.0.2.el5.i386.rpm 56c0a075cc057fa5370209560a7edd8a mutt-debuginfo-1.4.2.2-3.0.2.el5.i386.rpm x86_64: 49a78928ccb308daadf1d125a0fabd55 mutt-1.4.2.2-3.0.2.el5.x86_64.rpm aa2871fb4a822a6fe1877b5e9e43e8bc mutt-debuginfo-1.4.2.2-3.0.2.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mutt-1.4.2.2-3.0.2.el5.src.rpm c7d486555a31e762e5c79f7691ba7f19 mutt-1.4.2.2-3.0.2.el5.src.rpm i386: 1a6a3d9926ff827a50d7fefd3ab005a6 mutt-1.4.2.2-3.0.2.el5.i386.rpm 56c0a075cc057fa5370209560a7edd8a mutt-debuginfo-1.4.2.2-3.0.2.el5.i386.rpm ia64: 2b8b495900de249098a271b4636744f9 mutt-1.4.2.2-3.0.2.el5.ia64.rpm 4d2636c4c23c82304b0c4f585610b973 mutt-debuginfo-1.4.2.2-3.0.2.el5.ia64.rpm ppc: de51bdae7b7e88051b090fb70bdcc1d1 mutt-1.4.2.2-3.0.2.el5.ppc.rpm 694fe3b6cae509ffd38cb9a046d81e1e mutt-debuginfo-1.4.2.2-3.0.2.el5.ppc.rpm s390x: 5d67045d1f2c21dfb113daed38e6f14c mutt-1.4.2.2-3.0.2.el5.s390x.rpm f7bdaad602781761e79f1f97a7df18b1 mutt-debuginfo-1.4.2.2-3.0.2.el5.s390x.rpm x86_64: 49a78928ccb308daadf1d125a0fabd55 mutt-1.4.2.2-3.0.2.el5.x86_64.rpm aa2871fb4a822a6fe1877b5e9e43e8bc mutt-debuginfo-1.4.2.2-3.0.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFGY8evXlSAg2UNWIIRAk1uAJ9TJouyU/cuZwtFKNQ27icrOfiloQCgl0mG BsHIHp/rTGQnkb1FHjRBRgs= =MmNY - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRmStyyh9+71yA2DNAQI0awP+ONhOINDbp+HriOT6uWVtJDQaKOtt/HEg CgmJll6S4ehmfjGeP07Q7sIkrNfnOxahkCFhKsH788vv4adj0G0cy9ytS1hcGJ1j yhTWjHyTn4MVsABkRWoIXj2mdjT2oEo7SzNyb5vERoQlUgNKmeX0mjyQGMzvNQED BFOp/6yFljE= =uj+U -----END PGP SIGNATURE-----