Test ID:	1.3.6.1.4.1.25623.1.0.59722
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2007-0001 (mutt)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mutt announced via advisory FEDORA-2007-0001. Mutt is a text-mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you have used it in the past and you prefer it, or if you are new to mail programs and have not decided which one you are going to use. Update Information: This update fixes two security issues: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558) Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via & characters in the GECOS field, which triggers the overflow during alias expansion. (CVE-2007-2683) ChangeLog: * Thu May 31 2007 Miroslav Lichvar 5:1.5.14-4 - validate msgid in APOP authentication (CVE-2007-1558) - fix overflow in gecos field handling (CVE-2007-2683) References: CVE-2007-2683 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683 CVE-2007-1558 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558 Updated packages: 0d77cc0f649490abd9f9f5647e4e2913e00159d8 mutt-1.5.14-4.fc7.ppc64.rpm d785c471a51d451659879c46f658c0092464408b mutt-debuginfo-1.5.14-4.fc7.ppc64.rpm 89497641c382a999a84f9104dd313bf07b7e716b mutt-debuginfo-1.5.14-4.fc7.i386.rpm 001d473a42444ca1fa6199fdbff01d830553a2f5 mutt-1.5.14-4.fc7.i386.rpm 114cf3b1e8b53f083d8aa1b35f3aa2721fbdeb17 mutt-1.5.14-4.fc7.x86_64.rpm cbf04dc13dbb231be3a364531067b1a5a826e69d mutt-debuginfo-1.5.14-4.fc7.x86_64.rpm 2726b125f4f05053507b4efee16a689b37e6dea6 mutt-1.5.14-4.fc7.ppc.rpm 616e62c1e6b402709285d54dbefc03da034fbe67 mutt-debuginfo-1.5.14-4.fc7.ppc.rpm 240746a7009d04df72e45d3b29999fc11f0a320f mutt-1.5.14-4.fc7.src.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-0001 Risk factor : Medium CVSS Score: 3.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1558 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html BugTraq ID: 23257 http://www.securityfocus.com/bid/23257 Bugtraq: 20070402 APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464477/30/0/threaded Bugtraq: 20070403 Re: APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464569/100/0/threaded Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search) http://www.securityfocus.com/archive/1/470172/100/200/threaded Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471455/100/0/threaded Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471720/100/0/threaded Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search) http://www.securityfocus.com/archive/1/471842/100/0/threaded Cert/CC Advisory: TA07-151A http://www.us-cert.gov/cas/techalerts/TA07-151A.html Debian Security Information: DSA-1300 (Google Search) http://www.debian.org/security/2007/dsa-1300 Debian Security Information: DSA-1305 (Google Search) http://www.debian.org/security/2007/dsa-1305 http://security.gentoo.org/glsa/glsa-200706-06.xml HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: HPSBUX02156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 HPdes Security Advisory: SSRT061181 HPdes Security Advisory: SSRT061236 http://www.mandriva.com/security/advisories?name=MDKSA-2007:105 http://www.mandriva.com/security/advisories?name=MDKSA-2007:107 http://www.mandriva.com/security/advisories?name=MDKSA-2007:113 http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html http://www.openwall.com/lists/oss-security/2009/08/15/1 http://www.openwall.com/lists/oss-security/2009/08/18/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782 http://www.redhat.com/support/errata/RHSA-2007-0344.html http://www.redhat.com/support/errata/RHSA-2007-0353.html http://www.redhat.com/support/errata/RHSA-2007-0385.html http://www.redhat.com/support/errata/RHSA-2007-0386.html http://www.redhat.com/support/errata/RHSA-2007-0401.html http://www.redhat.com/support/errata/RHSA-2007-0402.html http://www.redhat.com/support/errata/RHSA-2009-1140.html http://www.securitytracker.com/id?1018008 http://secunia.com/advisories/25353 http://secunia.com/advisories/25402 http://secunia.com/advisories/25476 http://secunia.com/advisories/25496 http://secunia.com/advisories/25529 http://secunia.com/advisories/25534 http://secunia.com/advisories/25546 http://secunia.com/advisories/25559 http://secunia.com/advisories/25664 http://secunia.com/advisories/25750 http://secunia.com/advisories/25798 http://secunia.com/advisories/25858 http://secunia.com/advisories/25894 http://secunia.com/advisories/26083 http://secunia.com/advisories/26415 http://secunia.com/advisories/35699 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 SuSE Security Announcement: SUSE-SA:2007:036 (Google Search) http://www.novell.com/linux/security/advisories/2007_36_mozilla.html SuSE Security Announcement: SUSE-SR:2007:014 (Google Search) http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.trustix.org/errata/2007/0019/ http://www.trustix.org/errata/2007/0024/ http://www.ubuntu.com/usn/usn-469-1 http://www.ubuntu.com/usn/usn-520-1 http://www.vupen.com/english/advisories/2007/1466 http://www.vupen.com/english/advisories/2007/1467 http://www.vupen.com/english/advisories/2007/1468 http://www.vupen.com/english/advisories/2007/1480 http://www.vupen.com/english/advisories/2007/1939 http://www.vupen.com/english/advisories/2007/1994 http://www.vupen.com/english/advisories/2007/2788 http://www.vupen.com/english/advisories/2008/0082 Common Vulnerability Exposure (CVE) ID: CVE-2007-2683 BugTraq ID: 24192 http://www.securityfocus.com/bid/24192 http://dev.mutt.org/trac/ticket/2885 http://osvdb.org/34973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543 http://www.securitytracker.com/id?1018066 http://secunia.com/advisories/25408 http://secunia.com/advisories/25515 XForce ISS Database: mutt-gecos-bo(34441) https://exchange.xforce.ibmcloud.com/vulnerabilities/34441
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.