|
|
Family: Debian Local Security Checks --> Category: infos
[DSA300] DSA-300-1 balsa Vulnerability Scan
Vulnerability Scan Summary
DSA-300-1 balsa
Detailed Explanation for this Vulnerability Test
Byrial Jensen discovered a couple of off-by-one buffer overflow in the
IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,
GPG, PGP and threading. This code is imported in the Balsa package.
This problem could potentially allow a remote malicious IMAP server to
cause a denial of service (crash) and possibly execute arbitrary code
via a specially crafted mail folder.
For the stable distribution (woody) this problem has been fixed in
version 1.2.4-2.2.
The old stable distribution (potato) does not seem to be affected by
this problem.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your balsa package.
Solution : http://www.debian.org/security/2003/dsa-300
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
