DESCRIPTION:
Frank Denis and Peter Valchev have reported a vulnerability in mutt,
which can potentially be exploited by malicious people to compromise
a vulnerable system.
The vulnerability is caused by a boundary error in handler.c when
decoding certain e-mail attachments and can potentially be exploited
to execute arbitrary code.
Successful exploitation may require that libiconv/gettext is compiled
against certain versions of libc.
The vulnerability has been reported in versions 1.4.2 (stable) and
1.5.9 (snapshot).
SOLUTION:
Filter e-mail attachments in a gateway.
PROVIDED AND/OR DISCOVERED BY:
Frank Denis and Peter Valchev
ORIGINAL ADVISORY:
http://comments.gmane.org/gmane.mail.mutt.devel/8379
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; only
use those supplied by the vendor.
TITLE:
mutt Attachment Decoding Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA16485
VERIFY ADVISORY:
http://secunia.com/advisories/16485/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Mutt 1.4.x
http://secunia.com/product/1305/
PUBLISHED:
2005-08-23