Test ID:	1.3.6.1.4.1.25623.1.0.50997
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2003:111
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2003:111. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow exists in Balsa versions 1.2 and higher when parsing mailbox names returned by an IMAP server. It is possible that a hostile IMAP server could cause arbitrary code to be executed by the user running Balsa. Additionally, a buffer overflow in libesmtp (an SMTP library used by Balsa) before version 0.8.11 allows a hostile remote SMTP server to execute arbitrary code via a certain response or cause a denial of service via long server responses. Users of Balsa are recommended to upgrade to these erratum packages which include updated versions of Balsa and libesmtp which are not vulnerable to these issues. Red Hat would like to thank CORE security for discovering the vulnerability, and the Mutt team for providing a patch. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-111.html Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0140 BugTraq ID: 7120 http://www.securityfocus.com/bid/7120 Bugtraq: 20030319 mutt-1.4.1 fixes a buffer overflow. (Google Search) http://www.securityfocus.com/archive/1/315679 Bugtraq: 20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent (Google Search) http://marc.info/?l=bugtraq&m=104818814931378&w=2 Bugtraq: 20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt) (Google Search) http://marc.info/?l=bugtraq&m=104817995421439&w=2 Bugtraq: 20030322 GLSA: mutt (200303-19) (Google Search) http://marc.info/?l=bugtraq&m=104852190605988&w=2 Bugtraq: 20030430 GLSA: balsa (200304-10) (Google Search) http://marc.info/?l=bugtraq&m=105171507629573&w=2 Conectiva Linux advisory: CLA-2003:626 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626 Conectiva Linux advisory: CLA-2003:630 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630 Debian Security Information: DSA-268 (Google Search) http://www.debian.org/security/2003/dsa-268 http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2003:041 http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434 http://www.redhat.com/support/errata/RHSA-2003-109.html SuSE Security Announcement: SuSE-SA:2003:020 (Google Search) http://www.novell.com/linux/security/advisories/2003_020_mutt.html XForce ISS Database: mutt-folder-name-bo(11583) https://exchange.xforce.ibmcloud.com/vulnerabilities/11583 Common Vulnerability Exposure (CVE) ID: CVE-2002-1090
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.