This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated elm packages are now available that fix a buffer overflow
vulnerability in the 'frm' command.
Elm is a terminal mode email user agent. The frm command is provided
as part of the Elm packages and gives a summary list of the sender and
subject of selected messages in a mailbox or folder.
A buffer overflow vulnerability was found in the frm command. An
attacker could create a message with an overly long Subject line such
that, when a victim runs the frm command, arbitrary code is
executed. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0966 to this issue.
Users of the frm command should update to these erratum packages,
which contain a backported security patch that corrects this issue.
Red Hat would like to thank Paul Rubin for discovering and disclosing
See also :
Update the affected elm package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12449
CVE ID: CVE-2003-0966