Lucene search
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2006-0577.NASLHistoryJul 13, 2006 - 12:00 a.m.
RHEL 2.1 / 3 / 4 : mutt (RHSA-2006:0577)
2006-07-1300:00:00
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.241 Low
EPSS
Percentile
96.6%
Updated mutt packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Mutt is a text-mode mail user agent.
A buffer overflow flaw was found in the way Mutt processes an overly long namespace from a malicious imap server. In order to exploit this flaw a user would have to use Mutt to connect to a malicious IMAP server. (CVE-2006-3242)
Users of Mutt are advised to upgrade to these erratum packages, which contain a backported patch to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0577. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(22045);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2006-3242");
script_xref(name:"RHSA", value:"2006:0577");
script_name(english:"RHEL 2.1 / 3 / 4 : mutt (RHSA-2006:0577)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Updated mutt packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Mutt is a text-mode mail user agent.
A buffer overflow flaw was found in the way Mutt processes an overly
long namespace from a malicious imap server. In order to exploit this
flaw a user would have to use Mutt to connect to a malicious IMAP
server. (CVE-2006-3242)
Users of Mutt are advised to upgrade to these erratum packages, which
contain a backported patch to correct this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2006-3242"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2006:0577"
);
script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mutt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/27");
script_set_attribute(attribute:"patch_publication_date", value:"2006/07/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/13");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2006:0577";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mutt-1.2.5.1-2.rhel21")) flag++;
if (rpm_check(release:"RHEL3", reference:"mutt-1.4.1-3.5.rhel3")) flag++;
if (rpm_check(release:"RHEL4", reference:"mutt-1.4.1-11.rhel4")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | mutt | p-cpe:/a:redhat:enterprise_linux:mutt |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
| redhat | enterprise_linux | 3 | cpe:/o:redhat:enterprise_linux:3 |
| redhat | enterprise_linux | 4 | cpe:/o:redhat:enterprise_linux:4 |
Related
nessus
nessus
Mandrake Linux Security Advisory : mutt (MDKSA-2006:115)
2006-06-29 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : mutt (SSA:2006-207-01)
2006-07-28 00:00:00
CentOS 3 / 4 : mutt (CESA-2006:0577)
2006-07-13 00:00:00
openvas
openvas
Debian Security Advisory DSA 1108-1 (mutt)
2008-01-17 00:00:00
FreeBSD Ports: mutt, mutt-lite
2008-09-04 00:00:00
FreeBSD Ports: mutt, mutt-lite
2008-09-04 00:00:00
centos
centos
mutt security update
2006-07-13 00:49:58
mutt security update
2006-07-12 19:04:58
nvd
nvd
CVE-2006-3242
2006-06-27 10:05:00
securityvulns
securityvulns
[ GLSA 200606-27 ] Mutt: Buffer overflow
2006-06-30 00:00:00
gentoo
gentoo
Mutt: Buffer overflow
2006-06-28 00:00:00
ubuntucve
ubuntucve
CVE-2006-3242
2006-06-27 00:00:00
seebug
seebug
Mutt BROWSE_GET_NAMESPACE IMAPεη§°η©Ίι΄ε€ηθΏη¨ζΊ’εΊζΌζ΄
2007-12-31 00:00:00
debiancve
debiancve
CVE-2006-3242
2006-06-27 10:05:00
redhat
redhat
(RHSA-2006:0577) mutt security update
2006-07-12 00:00:00
cve
cve
CVE-2006-3242
2006-06-27 10:05:00
slackware
slackware
[slackware-security] mutt
2006-07-26 21:24:44
cvelist
cvelist
CVE-2006-3242
2006-06-27 10:00:00
debian
debian
[SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution
2006-07-10 22:11:11
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.241 Low
EPSS
Percentile
96.6%
Related for REDHAT-RHSA-2006-0577.NASL