Flaw: Mutt Controlled IMAP server buffer overflow

According to a new release from Core Labs, “The Mutt Mail User Agent (MUA) has support for accessing remote mailboxes through the IMAP protocol. By controlling a malicious IMAP server and providing a specially crafted folder, an attacker can crash the mail reader and possibly force execution of arbitrary commands on the vulnerable system with the privileges of the user running Mutt.”

Mutt versions up to and including 1.4.0 (stable), and up to and including 1.5.3 (unstable), are vulnerable.

More information on the flaw, as well as a fix for select versions, is available at: http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
