CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.715 High (Percentile: 98.1%)

CentOS Errata and Security Advisory CESA-2005:755-01
Elm is a terminal mode email client.
A buffer overflow flaw in Elm was discovered that was triggered by viewing
a mailbox containing a message with a carefully crafted ‘Expires’ header.
An attacker could create a malicious message that would execute arbitrary
code with the privileges of the user who received it. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-2665 to this issue.
Users of Elm should upgrade to this updated package, which contains a
backported patch that corrects this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-August/074258.html
Affected packages:
elm
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | elm | < 2.5.6-6 | elm-2.5.6-6.i386.rpm |