Mandrake Linux Security Advisory : mutt (MDKSA-2007:113)
Low Nessus Plugin ID 25431
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials (CVE-2007-1558).
A flaw in how mutt handled certain characters in gecos fields could lead to a buffer overflow. A local user able to give themselves a carefully crafted Real Name could potentially execute arbitrary code if a victim used mutt to expand the attacker's alias (CVE-2007-2683).
Updated packages have been patched to address these issues.
Solution
Update the affected mutt and / or mutt-utf8 packages.