Lucene search

CentOS ProjectCESA-2005:755-01

HistoryAug 23, 2005 - 11:10 p.m.

elm security update

2005-08-2323:10:58

CentOS Project

lists.centos.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.715 High

EPSS

Percentile

98.1%

JSON

CentOS Errata and Security Advisory CESA-2005:755-01

Elm is a terminal mode email client.

A buffer overflow flaw in Elm was discovered that was triggered by viewing
a mailbox containing a message with a carefully crafted ‘Expires’ header.
An attacker could create a malicious message that would execute arbitrary
code with the privileges of the user who received it. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-2665 to this issue.

Users of Elm should update to this updated package, which contains a
backported patch that corrects this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-August/074258.html

Affected packages:
elm

OSVersionArchitecturePackageVersionFilename
CentOS2i386elm< 2.5.6-6elm-2.5.6-6.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	2	i386	elm	< 2.5.6-6	elm-2.5.6-6.i386.rpm

References

steadfast.net/

www.ict.swin.edu.au/staff/jnewbigin

rhn.redhat.com/errata/rh21as-errata.html

twitter.com/centos

www.facebook.com/groups/centosproject/

www.linkedin.com/groups/22405

www.reddit.com/r/CentOS/

youtube.com/TheCentOSProject

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.715 High

EPSS

Percentile

98.1%

JSON

Related for CESA-2005:755-01