|
|
Family: Red Hat Local Security Checks --> Category: infos
RHSA-2003-111: balsa Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the balsa packages
Detailed Explanation for this Vulnerability Test
Updated Balsa packages are available which fix potential vulnerabilities in
the IMAP handling code and in libesmtp.
Balsa is a GNOME email client which includes code from Mutt.
A potential buffer overflow exists in Balsa versions 1.2 and higher when
parsing mailbox names returned by an IMAP server. It is possible that a
hostile IMAP server could cause arbitrary code to be executed by the user
running Balsa.
Additionally, a buffer overflow in libesmtp (an SMTP library used by Balsa)
before version 0.8.11 allows a hostile remote SMTP server to execute
arbitrary code via a certain response or cause a denial of service via long
server responses.
Users of Balsa are recommended to upgrade to these erratum packages which
include updated versions of Balsa and libesmtp which are not vulnerable to
these issues.
Red Hat would like to thank CORE security for discovering the
vulnerability, and the Mutt team for providing a patch.
Solution : http://rhn.redhat.com/errata/RHSA-2003-111.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
