RHEL 3 : mutt (RHSA-2004:050)
High Nessus Plugin ID 12461
SynopsisThe remote Red Hat host is missing a security update.
DescriptionNew mutt packages that fix a remotely-triggerable crash in the menu drawing code are now available.
Mutt is a text-mode mail user agent.
A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0078 to this issue.
It is recommended that all mutt users upgrade to these updated packages, which contain a backported security patch and are not vulnerable to this issue.
Red Hat would like to thank Niels Heinen for reporting this issue.
Note: mutt-18.104.22.168 in Red Hat Enterprise Linux 2.1 is not vulnerable to this issue.
SolutionUpdate the affected mutt package.