An issue was discovered in Mutt before 1.10.1 and NeoMutt before
2018-07-16. pop.c does not forbid characters that may have unsafe
interaction with message-cache pathnames, as demonstrated by a '/'
character.
{"debiancve": [{"lastseen": "2022-12-17T15:19:13", "description": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-17T17:29:00", "type": "debiancve", "title": "CVE-2018-14362", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14362"], "modified": "2018-07-17T17:29:00", "id": "DEBIANCVE:CVE-2018-14362", "href": "https://security-tracker.debian.org/tracker/CVE-2018-14362", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2022-07-07T11:09:58", "description": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-18T19:50:22", "type": "redhatcve", "title": "CVE-2018-14362", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14362"], "modified": "2022-07-07T10:29:21", "id": "RH:CVE-2018-14362", "href": "https://access.redhat.com/security/cve/cve-2018-14362", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:14:18", "description": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-17T17:29:00", "type": "cve", "title": "CVE-2018-14362", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14362"], "modified": "2020-05-19T17:19:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.7"], "id": "CVE-2018-14362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14362", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2021-10-19T20:38:57", "description": "Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es):\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-08-20T14:42:31", "type": "redhat", "title": "(RHSA-2018:2526) Important: mutt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2018-08-20T14:47:43", "id": "RHSA-2018:2526", "href": "https://access.redhat.com/errata/RHSA-2018:2526", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:48", "description": "[5:1.5.21-28]\n- Resolves: CVE-2018-14354 CVE-2018-14357 CVE-2018-14362", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-08-20T00:00:00", "type": "oraclelinux", "title": "mutt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2018-08-20T00:00:00", "id": "ELSA-2018-2526", "href": "http://linux.oracle.com/errata/ELSA-2018-2526.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:26", "description": "Check the version of mutt", "cvss3": {}, "published": "2018-08-21T00:00:00", "type": "openvas", "title": "CentOS Update for mutt CESA-2018:2526 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14362", "CVE-2018-14354", "CVE-2018-14357"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882938", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_2526_mutt_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for mutt CESA-2018:2526 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882938\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-21 06:41:51 +0200 (Tue, 21 Aug 2018)\");\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for mutt CESA-2018:2526 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of mutt\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mutt is a low resource, highly configurable, text-based MIME e-mail client.\nMutt supports most e-mail storing formats, such as mbox and Maildir, as\nwell as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es):\n\n * mutt: Remote code injection vulnerability to an IMAP mailbox\n(CVE-2018-14354)\n\n * mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n * mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\");\n script_tag(name:\"affected\", value:\"mutt on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:2526\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-August/022992.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.5.21~28.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:33", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2018-1305)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14362", "CVE-2018-14354", "CVE-2018-14357"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181305", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1305\");\n script_version(\"2020-01-23T11:21:20+0000\");\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:21:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:21:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2018-1305)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1305\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1305\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mutt' package(s) announced via the EulerOS-SA-2018-1305 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\nmutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\nmutt: POP body caching path traversal vulnerability (CVE-2018-14362)\");\n\n script_tag(name:\"affected\", value:\"'mutt' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.5.21~28\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2018-1304)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14362", "CVE-2018-14354", "CVE-2018-14357"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181304", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1304\");\n script_version(\"2020-01-23T11:21:17+0000\");\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:21:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:21:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2018-1304)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1304\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1304\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mutt' package(s) announced via the EulerOS-SA-2018-1304 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\nmutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\nmutt: POP body caching path traversal vulnerability (CVE-2018-14362)\");\n\n script_tag(name:\"affected\", value:\"'mutt' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.5.21~28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "Check the version of mutt", "cvss3": {}, "published": "2018-08-21T00:00:00", "type": "openvas", "title": "CentOS Update for mutt CESA-2018:2526 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14362", "CVE-2018-14354", "CVE-2018-14357"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882937", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_2526_mutt_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for mutt CESA-2018:2526 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882937\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-21 06:41:28 +0200 (Tue, 21 Aug 2018)\");\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for mutt CESA-2018:2526 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of mutt\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mutt is a low resource, highly configurable, text-based MIME e-mail client.\nMutt supports most e-mail storing formats, such as mbox and Maildir, as\nwell as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es):\n\n * mutt: Remote code injection vulnerability to an IMAP mailbox\n(CVE-2018-14354)\n\n * mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n * mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\");\n script_tag(name:\"affected\", value:\"mutt on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:2526\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-August/022988.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.5.20~9.20091214hg736b6a.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for mutt USN-3719-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843642", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3719_3.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for mutt USN-3719-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843642\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-28 08:19:24 +0200 (Fri, 28 Sep 2018)\");\n script_cve_id(\"CVE-2018-14350\", \"CVE-2018-14352\", \"CVE-2018-14354\", \"CVE-2018-14359\",\n \"CVE-2018-14358\", \"CVE-2018-14353\", \"CVE-2018-14357\", \"CVE-2018-14355\",\n \"CVE-2018-14356\", \"CVE-2018-14351\", \"CVE-2018-14362\", \"CVE-2018-14349\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mutt USN-3719-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mutt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"USN-3719-1 fixed vulnerabilities in Mutt.\nUnfortunately, the fixes were not correctly applied to the packaging for Mutt in\nUbuntu 16.04 LTS. This update corrects the oversight.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that Mutt incorrectly handled certain requests.\nAn attacker could possibly use this to execute arbitrary code.\n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359,\nCVE-2018-14358, CVE-2018-14353, CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs.\nAn attacker could possibly use this to access or expose sensitive\ninformation. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351,\nCVE-2018-14362, CVE-2018-14349)\");\n script_tag(name:\"affected\", value:\"mutt on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3719-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3719-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mutt\", ver:\"1.5.24-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mutt-patched\", ver:\"1.5.24-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-02T00:00:00", "type": "openvas", "title": "Fedora Update for mutt FEDORA-2018-502e31a658", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874884", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874884", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_502e31a658_mutt_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mutt FEDORA-2018-502e31a658\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874884\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-02 06:05:02 +0200 (Thu, 02 Aug 2018)\");\n script_cve_id(\"CVE-2018-14358\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14356\",\n \"CVE-2018-14359\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14362\",\n \"CVE-2018-14357\", \"CVE-2018-14350\", \"CVE-2018-14349\", \"CVE-2018-14351\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mutt FEDORA-2018-502e31a658\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mutt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mutt on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-502e31a658\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADQDKEL55ISBMHUFNGN76SC3IQWJC73M\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.9.2~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-02T00:00:00", "type": "openvas", "title": "Fedora Update for mutt FEDORA-2018-f1438c5833", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874878", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_f1438c5833_mutt_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mutt FEDORA-2018-f1438c5833\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874878\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-02 06:03:48 +0200 (Thu, 02 Aug 2018)\");\n script_cve_id(\"CVE-2018-14358\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14356\",\n \"CVE-2018-14359\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14362\",\n \"CVE-2018-14357\", \"CVE-2018-14350\", \"CVE-2018-14349\", \"CVE-2018-14351\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mutt FEDORA-2018-f1438c5833\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mutt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mutt on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-f1438c5833\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAEYBSZPZ6PAWGFNHLCBPAKO6INA3JFQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.10.1~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for mutt USN-3719-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3719_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for mutt USN-3719-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843788\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-14350\", \"CVE-2018-14352\", \"CVE-2018-14354\", \"CVE-2018-14359\", \"CVE-2018-14358\", \"CVE-2018-14353\", \"CVE-2018-14357\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14351\", \"CVE-2018-14362\", \"CVE-2018-14349\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:19:50 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for mutt USN-3719-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3719-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3719-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mutt'\n package(s) announced via the USN-3719-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Mutt incorrectly handled certain requests.\nAn attacker could possibly use this to execute arbitrary code.\n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359,\nCVE-2018-14358, CVE-2018-14353, CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs.\nAn attacker could possibly use this to access or expose sensitive\ninformation. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351,\nCVE-2018-14362, CVE-2018-14349)\");\n\n script_tag(name:\"affected\", value:\"mutt on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mutt\", ver:\"1.5.21-6.4ubuntu2.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mutt-patched\", ver:\"1.5.21-6.4ubuntu2.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mutt\", ver:\"1.9.4-3ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mutt\", ver:\"1.5.24-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mutt-patched\", ver:\"1.5.24-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:34", "description": "Several vulnerabilities were discovered in Mutt, a text-based mailreader\nsupporting MIME, GPG, PGP and threading, potentially leading to code\nexecution, denial of service or information disclosure when connecting\nto a malicious mail/NNTP server.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4277-1 (mutt - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14360", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14363", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14361", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704277", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4277-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704277\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\",\n \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\",\n \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_name(\"Debian Security Advisory DSA 4277-1 (mutt - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-08-17 00:00:00 +0200 (Fri, 17 Aug 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4277.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"mutt on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.7.2-1+deb9u1.\n\nWe recommend that you upgrade your mutt packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/mutt\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in Mutt, a text-based mailreader\nsupporting MIME, GPG, PGP and threading, potentially leading to code\nexecution, denial of service or information disclosure when connecting\nto a malicious mail/NNTP server.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"mutt\", ver:\"1.7.2-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:11:00", "description": "Several vulnerabilities have been discovered in mutt, a sophisticated\ntext-based Mail User Agent, resulting in denial of service, stack-based\nbuffer overflow, arbitrary command execution, and directory traversal\nflaws.", "cvss3": {}, "published": "2018-08-03T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mutt (DLA-1455-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14360", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14363", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14361", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891455", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891455\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\",\n \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\",\n \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_name(\"Debian LTS: Security Advisory for mutt (DLA-1455-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-08-03 00:00:00 +0200 (Fri, 03 Aug 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"mutt on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.5.23-3+deb8u1.\n\nWe recommend that you upgrade your mutt packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in mutt, a sophisticated\ntext-based Mail User Agent, resulting in denial of service, stack-based\nbuffer overflow, arbitrary command execution, and directory traversal\nflaws.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"mutt\", ver:\"1.5.23-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mutt-dbg\", ver:\"1.5.23-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mutt-patched\", ver:\"1.5.23-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-01-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mutt (openSUSE-SU-2019:0052-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2014-9116", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14360", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14363", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14361", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852239", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852239", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852239\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\",\n \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\",\n \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\",\n \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-18 04:01:24 +0100 (Fri, 18 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for mutt (openSUSE-SU-2019:0052-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0052-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00018.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mutt'\n package(s) announced via the openSUSE-SU-2019:0052-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mutt fixes the following issues:\n\n Security issues fixed:\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status\n mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer\n underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have\n unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers\n via backquote characters (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave\n room for quote characters (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID\n (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal\n in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without\n a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along INTERNALDATE field\n (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/'\n characters that may have unsafe interaction with cache pathnames\n (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based\n buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute\n arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails\n for messages data (bsc#1101568).\n\n Bug fixes:\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\n - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517\n (bsc#980830)\n\n - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)\n\n - (neo)mutt displaying times in Zulu time (bsc#1061343)\n\n - mutt unconditionally segfaults when displaying a message (bsc#986534)\n\n - For openSUSE Leap 42.3, retain split of -lang and -doc (boo#1120935)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-52=1\");\n\n script_tag(name:\"affected\", value:\"mutt on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"mutt-doc\", rpm:\"mutt-doc~1.10.1~2.5.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt-lang\", rpm:\"mutt-lang~1.10.1~2.5.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.10.1~2.5.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt-debuginfo\", rpm:\"mutt-debuginfo~1.10.1~2.5.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt-debugsource\", rpm:\"mutt-debugsource~1.10.1~2.5.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:40:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mutt (openSUSE-SU-2018:2212-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2014-9116", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14360", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14363", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14361", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851977", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851977\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:25:22 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for mutt (openSUSE-SU-2018:2212-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2212-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00013.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mutt'\n package(s) announced via the openSUSE-SU-2018:2212-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mutt fixes the following issues:\n\n Security issues fixed:\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status\n mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer\n underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have\n unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers\n via backquote characters (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave\n room for quote characters (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID\n (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal\n in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without\n a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along INTERNALDATE field\n (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/'\n characters that may have unsafe interaction with cache pathnames\n (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based\n buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute\n arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails\n for messages data (bsc#1101568).\n\n Bug fixes:\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-809=1\");\n\n script_tag(name:\"affected\", value:\"mutt on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"mutt-doc\", rpm:\"mutt-doc~1.10.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt-lang\", rpm:\"mutt-lang~1.10.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt\", rpm:\"mutt~1.10.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt-debuginfo\", rpm:\"mutt-debuginfo~1.10.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mutt-debugsource\", rpm:\"mutt-debugsource~1.10.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2022-11-01T22:04:38", "description": "**Issue Overview:**\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.(CVE-2018-14362)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.(CVE-2018-14354)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.(CVE-2018-14357)\n\n \n**Affected Packages:** \n\n\nmutt\n\n \n**Issue Correction:** \nRun _yum update mutt_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 mutt-1.5.21-28.amzn2.i686 \n \u00a0\u00a0\u00a0 mutt-debuginfo-1.5.21-28.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 mutt-1.5.21-28.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 mutt-1.5.21-28.amzn2.x86_64 \n \u00a0\u00a0\u00a0 mutt-debuginfo-1.5.21-28.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-14354](<https://access.redhat.com/security/cve/CVE-2018-14354>), [CVE-2018-14357](<https://access.redhat.com/security/cve/CVE-2018-14357>), [CVE-2018-14362](<https://access.redhat.com/security/cve/CVE-2018-14362>)\n\nMitre: [CVE-2018-14354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354>), [CVE-2018-14357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357>), [CVE-2018-14362](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-12T22:24:00", "type": "amazon", "title": "Important: mutt", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2018-09-15T03:55:00", "id": "ALAS2-2018-1077", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1077.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:41:48", "description": "**CentOS Errata and Security Advisory** CESA-2018:2526\n\n\nMutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es):\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2018-August/072463.html\nhttps://lists.centos.org/pipermail/centos-announce/2018-August/072467.html\n\n**Affected packages:**\nmutt\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2018:2526", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-21T00:49:34", "type": "centos", "title": "mutt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2018-08-21T01:07:55", "id": "CESA-2018:2526", "href": "https://lists.centos.org/pipermail/centos-announce/2018-August/072463.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-18T14:20:29", "description": "From Red Hat Security Advisory 2018:2526 :\n\nAn update for mutt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es) :\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-21T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : mutt (ELSA-2018-2526)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mutt", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-2526.NASL", "href": "https://www.tenable.com/plugins/nessus/112025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:2526 and \n# Oracle Linux Security Advisory ELSA-2018-2526 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112025);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_xref(name:\"RHSA\", value:\"2018:2526\");\n\n script_name(english:\"Oracle Linux 6 / 7 : mutt (ELSA-2018-2526)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:2526 :\n\nAn update for mutt is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMutt is a low resource, highly configurable, text-based MIME e-mail\nclient. Mutt supports most e-mail storing formats, such as mbox and\nMaildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es) :\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox\n(CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters\n(CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-August/007999.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-August/008000.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mutt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"mutt-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mutt-1.5.21-28.el7_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:37:09", "description": "According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n - mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n - mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : mutt (EulerOS-SA-2018-1305)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2022-03-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mutt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1305.NASL", "href": "https://www.tenable.com/plugins/nessus/117748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117748);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/03\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n\n script_name(english:\"EulerOS 2.0 SP3 : mutt (EulerOS-SA-2018-1305)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mutt package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - mutt: Remote code injection vulnerability to an IMAP\n mailbox (CVE-2018-14354)\n\n - mutt: Remote Code Execution via backquote characters\n (CVE-2018-14357)\n\n - mutt: POP body caching path traversal vulnerability\n (CVE-2018-14362)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1305\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2383ae5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mutt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mutt-1.5.21-28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:37:09", "description": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.(CVE-2018-14362)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.(CVE-2018-14354)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.(CVE-2018-14357)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : mutt (ALAS-2018-1077)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2018-09-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mutt", "p-cpe:/a:amazon:linux:mutt-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2018-1077.NASL", "href": "https://www.tenable.com/plugins/nessus/117591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1077.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117591);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/09/19 10:04:09\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_xref(name:\"ALAS\", value:\"2018-1077\");\n\n script_name(english:\"Amazon Linux 2 : mutt (ALAS-2018-1077)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An issue was discovered in Mutt before 1.10.1 and NeoMutt before\n2018-07-16. pop.c does not forbid characters that may have unsafe\ninteraction with message-cache pathnames, as demonstrated by a '/'\ncharacter.(CVE-2018-14362)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before\n2018-07-16. They allow remote IMAP servers to execute arbitrary\ncommands via backquote characters, related to the mailboxes command\nassociated with a manual subscription or\nunsubscription.(CVE-2018-14354)\n\nAn issue was discovered in Mutt before 1.10.1 and NeoMutt before\n2018-07-16. They allow remote IMAP servers to execute arbitrary\ncommands via backquote characters, related to the mailboxes command\nassociated with an automatic subscription.(CVE-2018-14357)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mutt' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"mutt-1.5.21-28.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mutt-debuginfo-1.5.21-28.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:36:56", "description": "According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n - mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n - mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : mutt (EulerOS-SA-2018-1304)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2022-03-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mutt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1304.NASL", "href": "https://www.tenable.com/plugins/nessus/117747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117747);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/03\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n\n script_name(english:\"EulerOS 2.0 SP2 : mutt (EulerOS-SA-2018-1304)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mutt package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - mutt: Remote code injection vulnerability to an IMAP\n mailbox (CVE-2018-14354)\n\n - mutt: Remote Code Execution via backquote characters\n (CVE-2018-14357)\n\n - mutt: POP body caching path traversal vulnerability\n (CVE-2018-14362)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1304\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0870f313\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mutt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mutt-1.5.21-28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:35:16", "description": "Security Fix(es) :\n\n - mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n - mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n - mutt: POP body caching path traversal vulnerability (CVE-2018-14362)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : mutt on SL6.x, SL7.x i386/x86_64 (20180821)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:mutt", "p-cpe:/a:fermilab:scientific_linux:mutt-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180821_MUTT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/112053", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112053);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n\n script_name(english:\"Scientific Linux Security Update : mutt on SL6.x, SL7.x i386/x86_64 (20180821)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - mutt: Remote code injection vulnerability to an IMAP\n mailbox (CVE-2018-14354)\n\n - mutt: Remote Code Execution via backquote characters\n (CVE-2018-14357)\n\n - mutt: POP body caching path traversal vulnerability\n (CVE-2018-14362)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1808&L=scientific-linux-errata&F=&S=&P=2753\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fba7d5b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mutt and / or mutt-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"mutt-1.5.20-9.20091214hg736b6a.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mutt-1.5.21-28.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mutt-debuginfo-1.5.21-28.el7_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T15:03:11", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has mutt packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.\n (CVE-2018-14354)\n\n - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. (CVE-2018-14362)\n\n - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. (CVE-2018-14357)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : mutt Multiple Vulnerabilities (NS-SA-2019-0140)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0140_MUTT.NASL", "href": "https://www.tenable.com/plugins/nessus/127403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0140. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127403);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : mutt Multiple Vulnerabilities (NS-SA-2019-0140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has mutt packages installed that are affected by multiple\nvulnerabilities:\n\n - An issue was discovered in Mutt before 1.10.1 and\n NeoMutt before 2018-07-16. They allow remote IMAP\n servers to execute arbitrary commands via backquote\n characters, related to the mailboxes command associated\n with a manual subscription or unsubscription.\n (CVE-2018-14354)\n\n - An issue was discovered in Mutt before 1.10.1 and\n NeoMutt before 2018-07-16. pop.c does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames, as demonstrated by a '/'\n character. (CVE-2018-14362)\n\n - An issue was discovered in Mutt before 1.10.1 and\n NeoMutt before 2018-07-16. They allow remote IMAP\n servers to execute arbitrary commands via backquote\n characters, related to the mailboxes command associated\n with an automatic subscription. (CVE-2018-14357)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL mutt packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"mutt-1.5.20-9.20091214hg736b6a.el6\",\n \"mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:34:58", "description": "An update for mutt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es) :\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-21T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : mutt (CESA-2018:2526)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mutt", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-2526.NASL", "href": "https://www.tenable.com/plugins/nessus/112022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2526 and \n# CentOS Errata and Security Advisory 2018:2526 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112022);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_xref(name:\"RHSA\", value:\"2018:2526\");\n\n script_name(english:\"CentOS 6 / 7 : mutt (CESA-2018:2526)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mutt is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMutt is a low resource, highly configurable, text-based MIME e-mail\nclient. Mutt supports most e-mail storing formats, such as mbox and\nMaildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es) :\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox\n(CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters\n(CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-August/022988.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bba827b8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-August/022992.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d35df5da\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mutt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14354\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"mutt-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mutt-1.5.21-28.el7_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:34:59", "description": "An update for mutt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es) :\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-20T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : mutt (RHSA-2018:2526)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mutt", "p-cpe:/a:redhat:enterprise_linux:mutt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-2526.NASL", "href": "https://www.tenable.com/plugins/nessus/111994", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2526. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111994);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n script_xref(name:\"RHSA\", value:\"2018:2526\");\n\n script_name(english:\"RHEL 6 / 7 : mutt (RHSA-2018:2526)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mutt is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMutt is a low resource, highly configurable, text-based MIME e-mail\nclient. Mutt supports most e-mail storing formats, such as mbox and\nMaildir, as well as most protocols, including POP3 and IMAP.\n\nSecurity Fix(es) :\n\n* mutt: Remote code injection vulnerability to an IMAP mailbox\n(CVE-2018-14354)\n\n* mutt: Remote Code Execution via backquote characters\n(CVE-2018-14357)\n\n* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14362\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mutt and / or mutt-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2526\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mutt-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mutt-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mutt-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mutt-1.5.21-28.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mutt-1.5.21-28.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mutt-debuginfo-1.5.21-28.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mutt-debuginfo-1.5.21-28.el7_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T15:02:38", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mutt packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.\n (CVE-2018-14354)\n\n - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. (CVE-2018-14362)\n\n - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. (CVE-2018-14357)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : mutt Multiple Vulnerabilities (NS-SA-2019-0038)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14354", "CVE-2018-14357", "CVE-2018-14362"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0038_MUTT.NASL", "href": "https://www.tenable.com/plugins/nessus/127211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0038. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127211);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-14354\", \"CVE-2018-14357\", \"CVE-2018-14362\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : mutt Multiple Vulnerabilities (NS-SA-2019-0038)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mutt packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in Mutt before 1.10.1 and\n NeoMutt before 2018-07-16. They allow remote IMAP\n servers to execute arbitrary commands via backquote\n characters, related to the mailboxes command associated\n with a manual subscription or unsubscription.\n (CVE-2018-14354)\n\n - An issue was discovered in Mutt before 1.10.1 and\n NeoMutt before 2018-07-16. pop.c does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames, as demonstrated by a '/'\n character. (CVE-2018-14362)\n\n - An issue was discovered in Mutt before 1.10.1 and\n NeoMutt before 2018-07-16. They allow remote IMAP\n servers to execute arbitrary commands via backquote\n characters, related to the mailboxes command associated\n with an automatic subscription. (CVE-2018-14357)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0038\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL mutt packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"mutt-1.5.21-28.el7_5\",\n \"mutt-debuginfo-1.5.21-28.el7_5\"\n ],\n \"CGSL MAIN 5.04\": [\n \"mutt-1.5.21-28.el7_5\",\n \"mutt-debuginfo-1.5.21-28.el7_5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:35:52", "description": "This update for mutt fixes the following issues: Security issues fixed :\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes :\n\n - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : mutt (SUSE-SU-2018:2403-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mutt", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-2403-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2403-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112011);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14362\");\n\n script_name(english:\"SUSE SLES11 Security Update : mutt (SUSE-SU-2018:2403-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mutt fixes the following issues: Security issues \nfixed :\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c\n that does not leave room for quote characters\n (bsc#1101582).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c\n that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from\n remote IMAP servers via backquote characters\n (bsc#1101578).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length\n UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..'\n directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO\n response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed\n to execute arbitrary commands via backquote characters\n (bsc#1101573).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data\n (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along RFC822.SIZE field (bsc#1101571). Bug fixes :\n\n - bsc#936807: On entering a 70 character subject line in\n mutt, a tab is added to the text after 67 characters.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14356/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14362/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182403-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbf8251e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mutt-13736=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-mutt-13736=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-mutt-13736=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mutt-13736=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-mutt-13736=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mutt-1.5.17-42.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mutt-1.5.17-42.43.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-20T14:25:58", "description": "It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code.\n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Mutt vulnerabilities (USN-3719-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mutt", "p-cpe:/a:canonical:ubuntu_linux:mutt-patched", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3719-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3719-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111268);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14362\");\n script_xref(name:\"USN\", value:\"3719-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Mutt vulnerabilities (USN-3719-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Mutt incorrectly handled certain requests. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359,\nCVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs. An\nattacker could possibly use this to access or expose sensitive\ninformation. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351,\nCVE-2018-14362, CVE-2018-14349).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3719-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mutt and / or mutt-patched packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mutt-patched\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mutt\", pkgver:\"1.5.21-6.4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mutt-patched\", pkgver:\"1.5.21-6.4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mutt\", pkgver:\"1.5.24-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mutt-patched\", pkgver:\"1.5.24-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"mutt\", pkgver:\"1.9.4-3ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-patched\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:20:03", "description": "Security fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356, CVE-2018-14359, CVE-2018-14354, CVE-2018-14355, CVE-2018-14362, CVE-2018-14357, CVE-2018-14350, CVE-2018-14349, CVE-2018-14351\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-02T00:00:00", "type": "nessus", "title": "Fedora 27 : 5:mutt (2018-502e31a658)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:5:mutt", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-502E31A658.NASL", "href": "https://www.tenable.com/plugins/nessus/111470", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-502e31a658.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111470);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14362\");\n script_xref(name:\"FEDORA\", value:\"2018-502e31a658\");\n\n script_name(english:\"Fedora 27 : 5:mutt (2018-502e31a658)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353,\nCVE-2018-14356, CVE-2018-14359, CVE-2018-14354, CVE-2018-14355,\nCVE-2018-14362, CVE-2018-14357, CVE-2018-14350, CVE-2018-14349,\nCVE-2018-14351\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-502e31a658\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 5:mutt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:5:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mutt-1.9.2-2.fc27\", epoch:\"5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"5:mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:37:41", "description": "The remote host is affected by the vulnerability described in GLSA-201810-07 (Mutt, NeoMutt: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mutt, and NeoMutt.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted mail message or connect to malicious mail server using Mutt or NeoMutt, possibly resulting in execution of arbitrary code or directory traversal with the privileges of the process or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "GLSA-201810-07 : Mutt, NeoMutt: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mutt", "p-cpe:/a:gentoo:linux:neomutt", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201810-07.NASL", "href": "https://www.tenable.com/plugins/nessus/118507", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201810-07.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118507);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14362\");\n script_xref(name:\"GLSA\", value:\"201810-07\");\n\n script_name(english:\"GLSA-201810-07 : Mutt, NeoMutt: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201810-07\n(Mutt, NeoMutt: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mutt, and NeoMutt.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted mail\n message or connect to malicious mail server using Mutt or NeoMutt,\n possibly resulting in execution of arbitrary code or directory traversal\n with the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201810-07\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Mutt users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-client/mutt-1.10.1'\n All NeoMuutt users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/neomutt-20180716'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14362\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:neomutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/neomutt\", unaffected:make_list(\"ge 20180716\"), vulnerable:make_list(\"lt 20180716\"))) flag++;\nif (qpkg_check(package:\"net-client/mutt\", unaffected:make_list(\"ge 1.10.1\"), vulnerable:make_list(\"lt 1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mutt / NeoMutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:33:28", "description": "Kevin J. McCarthy reports :\n\nFixes a remote code injection vulnerability when 'subscribing' to an IMAP mailbox, either via $imap_check_subscribed, or via the <subscribe> function in the browser menu. Mutt was generating a 'mailboxes' command and sending that along to the muttrc parser.\nHowever, it was not escaping '`', which executes code and inserts the result. This would allow a malicious IMAP server to execute arbitrary code (for $imap_check_subscribed).\n\nFixes POP body caching path traversal vulnerability.\n\nFixes IMAP header caching path traversal vulnerability.\n\nCVE-2018-14349 - NO Response Heap Overflow\n\nCVE-2018-14350 - INTERNALDATE Stack Overflow\n\nCVE-2018-14351 - STATUS Literal Length relative write\n\nCVE-2018-14352 - imap_quote_string off-by-one stack overflow\n\nCVE-2018-14353 - imap_quote_string int underflow\n\nCVE-2018-14354 - imap_subscribe Remote Code Execution\n\nCVE-2018-14355 - STATUS mailbox header cache directory traversal\n\nCVE-2018-14356 - POP empty UID NULL deref\n\nCVE-2018-14357 - LSUB Remote Code Execution\n\nCVE-2018-14358 - RFC822.SIZE Stack Overflow\n\nCVE-2018-14359 - base64 decode Stack Overflow\n\nCVE-2018-14362 - POP Message Cache Directory Traversal", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "FreeBSD : mutt -- remote code injection and path traversal vulnerability (a2f35081-8a02-11e8-8fa5-4437e6ad11c4)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mutt", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A2F350818A0211E88FA54437E6AD11C4.NASL", "href": "https://www.tenable.com/plugins/nessus/111179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111179);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:47\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14362\");\n\n script_name(english:\"FreeBSD : mutt -- remote code injection and path traversal vulnerability (a2f35081-8a02-11e8-8fa5-4437e6ad11c4)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kevin J. McCarthy reports :\n\nFixes a remote code injection vulnerability when 'subscribing' to an\nIMAP mailbox, either via $imap_check_subscribed, or via the\n<subscribe> function in the browser menu. Mutt was generating a\n'mailboxes' command and sending that along to the muttrc parser.\nHowever, it was not escaping '`', which executes code and inserts the\nresult. This would allow a malicious IMAP server to execute arbitrary\ncode (for $imap_check_subscribed).\n\nFixes POP body caching path traversal vulnerability.\n\nFixes IMAP header caching path traversal vulnerability.\n\nCVE-2018-14349 - NO Response Heap Overflow\n\nCVE-2018-14350 - INTERNALDATE Stack Overflow\n\nCVE-2018-14351 - STATUS Literal Length relative write\n\nCVE-2018-14352 - imap_quote_string off-by-one stack overflow\n\nCVE-2018-14353 - imap_quote_string int underflow\n\nCVE-2018-14354 - imap_subscribe Remote Code Execution\n\nCVE-2018-14355 - STATUS mailbox header cache directory traversal\n\nCVE-2018-14356 - POP empty UID NULL deref\n\nCVE-2018-14357 - LSUB Remote Code Execution\n\nCVE-2018-14358 - RFC822.SIZE Stack Overflow\n\nCVE-2018-14359 - base64 decode Stack Overflow\n\nCVE-2018-14362 - POP Message Cache Directory Traversal\"\n );\n # http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2e0fc97\"\n );\n # https://vuxml.freebsd.org/freebsd/a2f35081-8a02-11e8-8fa5-4437e6ad11c4.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cf1b892\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mutt<1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:37:09", "description": "USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight.\n\nWe apologize for the inconvenience.\n\nIt was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code.\n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Mutt vulnerabilities (USN-3719-3)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mutt", "p-cpe:/a:canonical:ubuntu_linux:mutt-patched", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3719-3.NASL", "href": "https://www.tenable.com/plugins/nessus/117825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3719-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117825);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14362\");\n script_xref(name:\"USN\", value:\"3719-3\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Mutt vulnerabilities (USN-3719-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes\nwere not correctly applied to the packaging for Mutt in Ubuntu 16.04\nLTS. This update corrects the oversight.\n\nWe apologize for the inconvenience.\n\nIt was discovered that Mutt incorrectly handled certain requests. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359,\nCVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs. An\nattacker could possibly use this to access or expose sensitive\ninformation. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351,\nCVE-2018-14362, CVE-2018-14349).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3719-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mutt and / or mutt-patched packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14362\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mutt-patched\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mutt\", pkgver:\"1.5.24-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mutt-patched\", pkgver:\"1.5.24-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-patched\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:28:50", "description": "Upgrade to 1.10.1\n\nSecurity fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356, CVE-2018-14359, CVE-2018-14354, CVE-2018-14355, CVE-2018-14362, CVE-2018-14357, CVE-2018-14350, CVE-2018-14349, CVE-2018-14351\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : 5:mutt (2018-f1438c5833)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:5:mutt", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-F1438C5833.NASL", "href": "https://www.tenable.com/plugins/nessus/120894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-f1438c5833.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120894);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14362\");\n script_xref(name:\"FEDORA\", value:\"2018-f1438c5833\");\n\n script_name(english:\"Fedora 28 : 5:mutt (2018-f1438c5833)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 1.10.1\n\nSecurity fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353,\nCVE-2018-14356, CVE-2018-14359, CVE-2018-14354, CVE-2018-14355,\nCVE-2018-14362, CVE-2018-14357, CVE-2018-14350, CVE-2018-14349,\nCVE-2018-14351\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-f1438c5833\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 5:mutt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:5:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"mutt-1.10.1-1.fc28\", epoch:\"5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"5:mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:34:59", "description": "Several vulnerabilities have been discovered in mutt, a sophisticated text-based Mail User Agent, resulting in denial of service, stack-based buffer overflow, arbitrary command execution, and directory traversal flaws.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.5.23-3+deb8u1.\n\nWe recommend that you upgrade your mutt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-03T00:00:00", "type": "nessus", "title": "Debian DLA-1455-1 : mutt security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mutt", "p-cpe:/a:debian:debian_linux:mutt-dbg", "p-cpe:/a:debian:debian_linux:mutt-patched", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1455.NASL", "href": "https://www.tenable.com/plugins/nessus/111519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1455-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111519);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n\n script_name(english:\"Debian DLA-1455-1 : mutt security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in mutt, a sophisticated\ntext-based Mail User Agent, resulting in denial of service,\nstack-based buffer overflow, arbitrary command execution, and\ndirectory traversal flaws.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.5.23-3+deb8u1.\n\nWe recommend that you upgrade your mutt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mutt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected mutt, mutt-dbg, and mutt-patched packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mutt-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mutt-patched\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"mutt\", reference:\"1.5.23-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mutt-dbg\", reference:\"1.5.23-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mutt-patched\", reference:\"1.5.23-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:33:30", "description": "NeoMutt report : DescriptionCVE-2018-14349 NO Response Heap Overflow CVE-2018-14350 INTERNALDATE Stack Overflow CVE-2018-14351 STATUS Literal Length relative write CVE-2018-14352 imap_quote_string off-by-one stack overflow CVE-2018-14353 imap_quote_string int underflow CVE-2018-14354 imap_subscribe Remote Code Execution CVE-2018-14355 STATUS mailbox header cache directory traversal CVE-2018-14356 POP empty UID NULL deref CVE-2018-14357 LSUB Remote Code Execution CVE-2018-14358 RFC822.SIZE Stack Overflow CVE-2018-14359 base64 decode Stack Overflow CVE-2018-14360 NNTP Group Stack Overflow CVE-2018-14361 NNTP Write 1 where via GROUP response CVE-2018-14362 POP Message Cache Directory Traversal CVE-2018-14363 NNTP Header Cache Directory Traversal", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "FreeBSD : mutt/neomutt -- multiple vulnerabilities (fe12ef83-8b47-11e8-96cc-001a4a7ec6be)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mutt", "p-cpe:/a:freebsd:freebsd:mutt14", "p-cpe:/a:freebsd:freebsd:neomutt", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FE12EF838B4711E896CC001A4A7EC6BE.NASL", "href": "https://www.tenable.com/plugins/nessus/111181", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111181);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:47\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n\n script_name(english:\"FreeBSD : mutt/neomutt -- multiple vulnerabilities (fe12ef83-8b47-11e8-96cc-001a4a7ec6be)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NeoMutt report : DescriptionCVE-2018-14349 NO Response Heap Overflow\nCVE-2018-14350 INTERNALDATE Stack Overflow CVE-2018-14351 STATUS\nLiteral Length relative write CVE-2018-14352 imap_quote_string\noff-by-one stack overflow CVE-2018-14353 imap_quote_string int\nunderflow CVE-2018-14354 imap_subscribe Remote Code Execution\nCVE-2018-14355 STATUS mailbox header cache directory traversal\nCVE-2018-14356 POP empty UID NULL deref CVE-2018-14357 LSUB Remote\nCode Execution CVE-2018-14358 RFC822.SIZE Stack Overflow\nCVE-2018-14359 base64 decode Stack Overflow CVE-2018-14360 NNTP Group\nStack Overflow CVE-2018-14361 NNTP Write 1 where via GROUP response\nCVE-2018-14362 POP Message Cache Directory Traversal CVE-2018-14363\nNNTP Header Cache Directory Traversal\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/neomutt/neomutt/releases/tag/neomutt-20180716\"\n );\n # https://vuxml.freebsd.org/freebsd/fe12ef83-8b47-11e8-96cc-001a4a7ec6be.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42a27674\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mutt14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:neomutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"neomutt<20180716\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mutt<1.10.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mutt14<*\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:35:16", "description": "Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of service or information disclosure when connecting to a malicious mail/NNTP server.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-20T00:00:00", "type": "nessus", "title": "Debian DSA-4277-1 : mutt - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mutt", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4277.NASL", "href": "https://www.tenable.com/plugins/nessus/111986", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4277. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111986);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_xref(name:\"DSA\", value:\"4277\");\n\n script_name(english:\"Debian DSA-4277-1 : mutt - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Mutt, a text-based\nmailreader supporting MIME, GPG, PGP and threading, potentially\nleading to code execution, denial of service or information disclosure\nwhen connecting to a malicious mail/NNTP server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/mutt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/mutt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4277\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mutt packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.7.2-1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"mutt\", reference:\"1.7.2-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:48:29", "description": "This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\nbsc#1101428: Mutt 1.10.1 security release update.\n\nCVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).\n\nCVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n\nCVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n\nCVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n\nCVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n\nCVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n\nCVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).\n\nCVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n\nCVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n\nCVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566).\n\nCVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\nCVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\nCVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\nCVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n\nCVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568).\n\nBug fixes: mutt reports as neomutt and incorrect version (bsc#1094717)\n\nNo sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830)\n\nmutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)\n\n(neo)mutt displaying times in Zulu time (bsc#1061343)\n\nmutt unconditionally segfaults when displaying a message (bsc#986534)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : mutt (SUSE-SU-2019:1196-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9116", "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mutt", "p-cpe:/a:novell:suse_linux:mutt-debuginfo", "p-cpe:/a:novell:suse_linux:mutt-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1196-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1196-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124757);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_bugtraq_id(71334);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mutt (SUSE-SU-2019:1196-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\nbsc#1101428: Mutt 1.10.1 security release update.\n\nCVE-2018-14351: Fix imap/command.c that mishandles long IMAP status\nmailbox literal count size (bsc#1101583).\n\nCVE-2018-14353: Fix imap_quote_string in imap/util.c that has an\ninteger underflow (bsc#1101581).\n\nCVE-2018-14362: Fix pop.c that does not forbid characters that may\nhave unsafe interaction with message-cache pathnames (bsc#1101567).\n\nCVE-2018-14354: Fix arbitrary command execution from remote IMAP\nservers via backquote characters (bsc#1101578).\n\nCVE-2018-14352: Fix imap_quote_string in imap/util.c that does not\nleave room for quote characters (bsc#1101582).\n\nCVE-2018-14356: Fix pop.c that mishandles a zero-length UID\n(bsc#1101576).\n\nCVE-2018-14355: Fix imap/util.c that mishandles '..' directory\ntraversal in a mailbox name (bsc#1101577).\n\nCVE-2018-14349: Fix imap/command.c that mishandles a NO response\nwithout a message (bsc#1101589).\n\nCVE-2018-14350: Fix imap/message.c that has a stack-based buffer\noverflow for a FETCH response with along INTERNALDATE field\n(bsc#1101588).\n\nCVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/'\ncharacters that may have unsafe interaction with cache pathnames\n(bsc#1101566).\n\nCVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\nCVE-2018-14358: Fix imap/message.c that has a stack-based buffer\noverflow for a FETCH response with along RFC822.SIZE field\n(bsc#1101571).\n\nCVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based\nbuffer overflow because of incorrect sscanf usage (bsc#1101569).\n\nCVE-2018-14357: Fix that remote IMAP servers are allowed to execute\narbitrary commands via backquote characters (bsc#1101573).\n\nCVE-2018-14361: Fix that nntp.c proceeds even if memory allocation\nfails for messages data (bsc#1101568).\n\nBug fixes: mutt reports as neomutt and incorrect version (bsc#1094717)\n\nNo sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517\n(bsc#980830)\n\nmutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)\n\n(neo)mutt displaying times in Zulu time (bsc#1061343)\n\nmutt unconditionally segfaults when displaying a message (bsc#986534)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14356/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14360/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14362/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14363/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191196-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd3875d6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1196=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-1196=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mutt-1.10.1-55.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mutt-debuginfo-1.10.1-55.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mutt-debugsource-1.10.1-55.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mutt-1.10.1-55.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mutt-debuginfo-1.10.1-55.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mutt-debugsource-1.10.1-55.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:30:56", "description": "This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568).\n\nBug fixes :\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\n - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830)\n\n - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)\n\n - (neo)mutt displaying times in Zulu time (bsc#1061343)\n\n - mutt unconditionally segfaults when displaying a message (bsc#986534)\n\n - For openSUSE Leap 42.3, retain split of -lang and -doc (boo#1120935)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mutt (openSUSE-2019-52)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9116", "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mutt", "p-cpe:/a:novell:opensuse:mutt-debuginfo", "p-cpe:/a:novell:opensuse:mutt-debugsource", "p-cpe:/a:novell:opensuse:mutt-lang", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-52.NASL", "href": "https://www.tenable.com/plugins/nessus/121281", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-52.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121281);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n\n script_name(english:\"openSUSE Security Update : mutt (openSUSE-2019-52)\");\n script_summary(english:\"Check for the openSUSE-2019-52 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long\n IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c\n that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from\n remote IMAP servers via backquote characters\n (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c\n that does not leave room for quote characters\n (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length\n UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..'\n directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO\n response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not\n properlyrestrict '/' characters that may have unsafe\n interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data\n (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has\n a stack-based buffer overflow because of incorrect\n sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed\n to execute arbitrary commands via backquote characters\n (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory\n allocation fails for messages data (bsc#1101568).\n\nBug fixes :\n\n - mutt reports as neomutt and incorrect version\n (bsc#1094717)\n\n - No sidebar available in mutt 1.6.1 from Tumbleweed\n snapshot 20160517 (bsc#980830)\n\n - mutt-1.6.1 unusable when built with --enable-sidebar\n (bsc#982129)\n\n - (neo)mutt displaying times in Zulu time (bsc#1061343)\n\n - mutt unconditionally segfaults when displaying a message\n (bsc#986534)\n\n - For openSUSE Leap 42.3, retain split of -lang and -doc\n (boo#1120935)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/323578\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mutt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mutt-1.10.1-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mutt-debuginfo-1.10.1-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mutt-debugsource-1.10.1-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mutt-lang-1.10.1-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-debuginfo / mutt-debugsource / mutt-lang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:28:52", "description": "This update for mutt fixes the following issues: Security issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes :\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2018:2085-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9116", "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2020-03-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mutt", "p-cpe:/a:novell:suse_linux:mutt-debuginfo", "p-cpe:/a:novell:suse_linux:mutt-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-2085-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120066", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2085-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120066);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/20\");\n\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_bugtraq_id(71334);\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2018:2085-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mutt fixes the following issues: Security issues \nfixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long\n IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c\n that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from\n remote IMAP servers via backquote characters\n (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c\n that does not leave room for quote characters\n (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length\n UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..'\n directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO\n response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not\n properlyrestrict '/' characters that may have unsafe\n interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data\n (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has\n a stack-based buffer overflow because of incorrect\n sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed\n to execute arbitrary commands via backquote characters\n (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory\n allocation fails for messages data (bsc#1101568). Bug\n fixes :\n\n - mutt reports as neomutt and incorrect version\n (bsc#1094717)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14356/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14360/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14362/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14363/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182085-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4eea4179\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-1416=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mutt-1.10.1-3.3.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mutt-debuginfo-1.10.1-3.3.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mutt-debugsource-1.10.1-3.3.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mutt-1.10.1-3.3.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mutt-debuginfo-1.10.1-3.3.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mutt-debugsource-1.10.1-3.3.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:40:02", "description": "This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568).\n\nBug fixes :\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mutt (openSUSE-2019-569)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9116", "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mutt", "p-cpe:/a:novell:opensuse:mutt-debuginfo", "p-cpe:/a:novell:opensuse:mutt-debugsource", "p-cpe:/a:novell:opensuse:mutt-lang", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-569.NASL", "href": "https://www.tenable.com/plugins/nessus/123246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-569.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123246);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n\n script_name(english:\"openSUSE Security Update : mutt (openSUSE-2019-569)\");\n script_summary(english:\"Check for the openSUSE-2019-569 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long\n IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c\n that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from\n remote IMAP servers via backquote characters\n (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c\n that does not leave room for quote characters\n (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length\n UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..'\n directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO\n response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not\n properlyrestrict '/' characters that may have unsafe\n interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data\n (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has\n a stack-based buffer overflow because of incorrect\n sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed\n to execute arbitrary commands via backquote characters\n (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory\n allocation fails for messages data (bsc#1101568).\n\nBug fixes :\n\n - mutt reports as neomutt and incorrect version\n (bsc#1094717)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101589\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mutt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-1.10.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-debuginfo-1.10.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-debugsource-1.10.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-lang-1.10.1-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-debuginfo / mutt-debugsource / mutt-lang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:34:00", "description": "This update for mutt fixes the following issues: Security issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes :\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\n - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830)\n\n - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)\n\n - (neo)mutt displaying times in Zulu time (bsc#1061343)\n\n - mutt unconditionally segfaults when displaying a message (bsc#986534)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-30T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : mutt (SUSE-SU-2018:2084-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9116", "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mutt", "p-cpe:/a:novell:suse_linux:mutt-debuginfo", "p-cpe:/a:novell:suse_linux:mutt-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2084-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111435", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2084-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111435);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n script_bugtraq_id(71334);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mutt (SUSE-SU-2018:2084-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mutt fixes the following issues: Security issues \nfixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long\n IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c\n that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from\n remote IMAP servers via backquote characters\n (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c\n that does not leave room for quote characters\n (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length\n UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..'\n directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO\n response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not\n properlyrestrict '/' characters that may have unsafe\n interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data\n (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has\n a stack-based buffer overflow because of incorrect\n sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed\n to execute arbitrary commands via backquote characters\n (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory\n allocation fails for messages data (bsc#1101568). Bug\n fixes :\n\n - mutt reports as neomutt and incorrect version\n (bsc#1094717)\n\n - No sidebar available in mutt 1.6.1 from Tumbleweed\n snapshot 20160517 (bsc#980830)\n\n - mutt-1.6.1 unusable when built with --enable-sidebar\n (bsc#982129)\n\n - (neo)mutt displaying times in Zulu time (bsc#1061343)\n\n - mutt unconditionally segfaults when displaying a message\n (bsc#986534)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14356/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14360/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14362/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14363/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182084-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5830df6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1415=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1415=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mutt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mutt-1.10.1-55.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mutt-debuginfo-1.10.1-55.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mutt-debugsource-1.10.1-55.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mutt-1.10.1-55.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mutt-debuginfo-1.10.1-55.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mutt-debugsource-1.10.1-55.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:35:52", "description": "This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568).\n\nBug fixes :\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mutt (openSUSE-2018-809)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9116", "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mutt", "p-cpe:/a:novell:opensuse:mutt-debuginfo", "p-cpe:/a:novell:opensuse:mutt-debugsource", "p-cpe:/a:novell:opensuse:mutt-lang", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-809.NASL", "href": "https://www.tenable.com/plugins/nessus/111571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-809.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111571);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9116\", \"CVE-2018-14349\", \"CVE-2018-14350\", \"CVE-2018-14351\", \"CVE-2018-14352\", \"CVE-2018-14353\", \"CVE-2018-14354\", \"CVE-2018-14355\", \"CVE-2018-14356\", \"CVE-2018-14357\", \"CVE-2018-14358\", \"CVE-2018-14359\", \"CVE-2018-14360\", \"CVE-2018-14361\", \"CVE-2018-14362\", \"CVE-2018-14363\");\n\n script_name(english:\"openSUSE Security Update : mutt (openSUSE-2018-809)\");\n script_summary(english:\"Check for the openSUSE-2018-809 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mutt fixes the following issues :\n\nSecurity issues fixed :\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n\n - CVE-2018-14351: Fix imap/command.c that mishandles long\n IMAP status mailbox literal count size (bsc#1101583).\n\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c\n that has an integer underflow (bsc#1101581).\n\n - CVE-2018-14362: Fix pop.c that does not forbid\n characters that may have unsafe interaction with\n message-cache pathnames (bsc#1101567).\n\n - CVE-2018-14354: Fix arbitrary command execution from\n remote IMAP servers via backquote characters\n (bsc#1101578).\n\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c\n that does not leave room for quote characters\n (bsc#1101582).\n\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length\n UID (bsc#1101576).\n\n - CVE-2018-14355: Fix imap/util.c that mishandles '..'\n directory traversal in a mailbox name (bsc#1101577).\n\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO\n response without a message (bsc#1101589).\n\n - CVE-2018-14350: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along INTERNALDATE field (bsc#1101588).\n\n - CVE-2018-14363: Fix newsrc.c that does not\n properlyrestrict '/' characters that may have unsafe\n interaction with cache pathnames (bsc#1101566).\n\n - CVE-2018-14359: Fix buffer overflow via base64 data\n (bsc#1101570).\n\n - CVE-2018-14358: Fix imap/message.c that has a\n stack-based buffer overflow for a FETCH response with\n along RFC822.SIZE field (bsc#1101571).\n\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has\n a stack-based buffer overflow because of incorrect\n sscanf usage (bsc#1101569).\n\n - CVE-2018-14357: Fix that remote IMAP servers are allowed\n to execute arbitrary commands via backquote characters\n (bsc#1101573).\n\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory\n allocation fails for messages data (bsc#1101568).\n\nBug fixes :\n\n - mutt reports as neomutt and incorrect version\n (bsc#1094717)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101589\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mutt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mutt-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-1.10.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-debuginfo-1.10.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-debugsource-1.10.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mutt-lang-1.10.1-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mutt / mutt-debuginfo / mutt-debugsource / mutt-lang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups of messages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-07-31T17:14:09", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mutt-1.9.2-2.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-07-31T17:14:09", "id": "FEDORA:14A4260DC6FE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ADQDKEL55ISBMHUFNGN76SC3IQWJC73M/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups of messages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-07-31T18:05:34", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mutt-1.10.1-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-07-31T18:05:34", "id": "FEDORA:0AB26606E1E1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GAEYBSZPZ6PAWGFNHLCBPAKO6INA3JFQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:04:10", "description": "### Background\n\nMutt is a small but very powerful text-based mail client.\n\nNeoMutt is a command line mail reader (or MUA). It\u2019s a fork of Mutt with added features. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mutt, and NeoMutt. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted mail message or connect to malicious mail server using Mutt or NeoMutt, possibly resulting in execution of arbitrary code or directory traversal with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mutt users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-client/mutt-1.10.1\"\n \n\nAll NeoMuutt users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/neomutt-20180716\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "gentoo", "title": "Mutt, NeoMutt: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-10-30T00:00:00", "id": "GLSA-201810-07", "href": "https://security.gentoo.org/glsa/201810-07", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nKevin J. McCarthy reports:\n\nFixes a remote code injection vulnerability when \"subscribing\"\n\t to an IMAP mailbox, either via $imap_check_subscribed, or via the\n\t <subscribe> function in the browser menu. Mutt was generating a\n\t \"mailboxes\" command and sending that along to the muttrc parser.\n\t However, it was not escaping \"`\", which executes code and inserts\n\t the result. This would allow a malicious IMAP server to execute\n\t arbitrary code (for $imap_check_subscribed).\nFixes POP body caching path traversal vulnerability.\nFixes IMAP header caching path traversal vulnerability.\nCVE-2018-14349 - NO Response Heap Overflow\nCVE-2018-14350 - INTERNALDATE Stack Overflow\nCVE-2018-14351 - STATUS Literal Length relative write\nCVE-2018-14352 - imap_quote_string off-by-one stack overflow\nCVE-2018-14353 - imap_quote_string int underflow\nCVE-2018-14354 - imap_subscribe Remote Code Execution\nCVE-2018-14355 - STATUS mailbox header cache directory traversal\nCVE-2018-14356 - POP empty UID NULL deref\nCVE-2018-14357 - LSUB Remote Code Execution\nCVE-2018-14358 - RFC822.SIZE Stack Overflow\nCVE-2018-14359 - base64 decode Stack Overflow\nCVE-2018-14362 - POP Message Cache Directory Traversal\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-07-15T00:00:00", "type": "freebsd", "title": "mutt -- remote code injection and path traversal vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-07-15T00:00:00", "id": "A2F35081-8A02-11E8-8FA5-4437E6AD11C4", "href": "https://vuxml.freebsd.org/freebsd/a2f35081-8a02-11e8-8fa5-4437e6ad11c4.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nNeoMutt report:\n\nDescription\nCVE-2018-14349NO Response Heap Overflow\nCVE-2018-14350INTERNALDATE Stack Overflow\nCVE-2018-14351STATUS Literal Length relative write\nCVE-2018-14352imap_quote_string off-by-one stack overflow\nCVE-2018-14353imap_quote_string int underflow\nCVE-2018-14354imap_subscribe Remote Code Execution\nCVE-2018-14355STATUS mailbox header cache directory traversal\nCVE-2018-14356POP empty UID NULL deref\nCVE-2018-14357LSUB Remote Code Execution\nCVE-2018-14358RFC822.SIZE Stack Overflow\nCVE-2018-14359base64 decode Stack Overflow\nCVE-2018-14360NNTP Group Stack Overflow\nCVE-2018-14361NNTP Write 1 where via GROUP response\nCVE-2018-14362POP Message Cache Directory Traversal\nCVE-2018-14363NNTP Header Cache Directory Traversal\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-07-10T00:00:00", "type": "freebsd", "title": "mutt/neomutt -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2018-07-10T00:00:00", "id": "FE12EF83-8B47-11E8-96CC-001A4A7EC6BE", "href": "https://vuxml.freebsd.org/freebsd/fe12ef83-8b47-11e8-96cc-001a4a7ec6be.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:04:54", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * mutt \\- text-based mailreader supporting MIME, GPG, PGP and threading\n\nUSN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were \nnot correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. \nThis update corrects the oversight.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that Mutt incorrectly handled certain requests. \nAn attacker could possibly use this to execute arbitrary code. \n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, \nCVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs. \nAn attacker could possibly use this to access or expose sensitive \ninformation. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, \nCVE-2018-14362, CVE-2018-14349)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntu", "title": "Mutt vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-09-28T00:00:00", "id": "USN-3719-3", "href": "https://ubuntu.com/security/notices/USN-3719-3", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:06:44", "description": "## Releases\n\n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * mutt \\- text-based mailreader supporting MIME, GPG, PGP and threading\n\nIt was discovered that Mutt incorrectly handled certain requests. \nAn attacker could possibly use this to execute arbitrary code. \n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, \nCVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs. \nAn attacker could possibly use this to access or expose sensitive \ninformation. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, \nCVE-2018-14362, CVE-2018-14349)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-23T00:00:00", "type": "ubuntu", "title": "Mutt vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-07-23T00:00:00", "id": "USN-3719-1", "href": "https://ubuntu.com/security/notices/USN-3719-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:06:42", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * mutt \\- text-based mailreader supporting MIME, GPG, PGP and threading\n\nUSN-3719-1 fixed a vulnerability in Mutt. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Mutt incorrectly handled certain requests. \nAn attacker could possibly use this to execute arbitrary code. \n(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, \nCVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)\n\nIt was discovered that Mutt incorrectly handled certain inputs. \nAn attacker could possibly use this to access or expose sensitive \ninformation. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, \nCVE-2018-14362, CVE-2018-14349)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-23T00:00:00", "type": "ubuntu", "title": "Mutt vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362"], "modified": "2018-07-23T00:00:00", "id": "USN-3719-2", "href": "https://ubuntu.com/security/notices/USN-3719-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357). It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349). nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage (CVE-2018-14360). nntp.c proceeds even if memory allocation fails for messages data (CVE-2018-14361). newsrc.c does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (CVE-2018-14363). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-15T22:04:32", "type": "mageia", "title": "Updated mutt packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2018-11-15T22:04:32", "id": "MGASA-2018-0447", "href": "https://advisories.mageia.org/MGASA-2018-0447.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T18:32:41", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4277-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mutt\nCVE ID : CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352\n CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356\n CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360\n CVE-2018-14361 CVE-2018-14362 CVE-2018-14363\nDebian Bug : 904051\n\nSeveral vulnerabilities were discovered in Mutt, a text-based mailreader\nsupporting MIME, GPG, PGP and threading, potentially leading to code\nexecution, denial of service or information disclosure when connecting\nto a malicious mail/NNTP server.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.7.2-1+deb9u1.\n\nWe recommend that you upgrade your mutt packages.\n\nFor the detailed security status of mutt please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/mutt\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-08-17T18:15:34", "type": "debian", "title": "[SECURITY] [DSA 4277-1] mutt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2018-08-17T18:15:34", "id": "DEBIAN:DSA-4277-1:2A39D", "href": "https://lists.debian.org/debian-security-announce/2018/msg00206.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-09T04:39:19", "description": "Package : mutt\nVersion : 1.5.23-3+deb8u1\nCVE ID : CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 \n CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 \n CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 \n CVE-2018-14361 CVE-2018-14362 CVE-2018-14363\nDebian Bug : 904051\n\n\nSeveral vulnerabilities have been discovered in mutt, a sophisticated\ntext-based Mail User Agent, resulting in denial of service, stack-based\nbuffer overflow, arbitrary command execution, and directory traversal\nflaws.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.5.23-3+deb8u1.\n\nWe recommend that you upgrade your mutt packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-08-02T11:00:52", "type": "debian", "title": "[SECURITY] [DLA 1455-1] mutt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2018-08-02T11:00:52", "id": "DEBIAN:DLA-1455-1:90461", "href": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-05T15:53:50", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4277-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mutt\nCVE ID : CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352\n CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356\n CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360\n CVE-2018-14361 CVE-2018-14362 CVE-2018-14363\nDebian Bug : 904051\n\nSeveral vulnerabilities were discovered in Mutt, a text-based mailreader\nsupporting MIME, GPG, PGP and threading, potentially leading to code\nexecution, denial of service or information disclosure when connecting\nto a malicious mail/NNTP server.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.7.2-1+deb9u1.\n\nWe recommend that you upgrade your mutt packages.\n\nFor the detailed security status of mutt please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/mutt\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-17T18:15:34", "type": "debian", "title": "[SECURITY] [DSA 4277-1] mutt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2018-08-17T18:15:34", "id": "DEBIAN:DSA-4277-1:A5B5F", "href": "https://lists.debian.org/debian-security-announce/2018/msg00206.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:19:20", "description": "\nSeveral vulnerabilities have been discovered in mutt, a sophisticated\ntext-based Mail User Agent, resulting in denial of service, stack-based\nbuffer overflow, arbitrary command execution, and directory traversal\nflaws.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1.5.23-3+deb8u1.\n\n\nWe recommend that you upgrade your mutt packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-02T00:00:00", "type": "osv", "title": "mutt - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14360", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14363", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14361", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2022-07-21T05:52:14", "id": "OSV:DLA-1455-1", "href": "https://osv.dev/vulnerability/DLA-1455-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:23:46", "description": "\nSeveral vulnerabilities were discovered in Mutt, a text-based mailreader\nsupporting MIME, GPG, PGP and threading, potentially leading to code\nexecution, denial of service or information disclosure when connecting\nto a malicious mail/NNTP server.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.7.2-1+deb9u1.\n\n\nWe recommend that you upgrade your mutt packages.\n\n\nFor the detailed security status of mutt please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/mutt>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-17T00:00:00", "type": "osv", "title": "mutt - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14360", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14363", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14361", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2022-07-21T05:49:57", "id": "OSV:DSA-4277-1", "href": "https://osv.dev/vulnerability/DSA-4277-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-08-06T17:54:23", "description": "This update for mutt fixes the following issues:\n\n Security issues fixed:\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status\n mailbox literal count size (bsc#1101583).\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer\n underflow (bsc#1101581).\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have\n unsafe interaction with message-cache pathnames (bsc#1101567).\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers\n via backquote characters (bsc#1101578).\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave\n room for quote characters (bsc#1101582).\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID\n (bsc#1101576).\n - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal\n in a mailbox name (bsc#1101577).\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without\n a message (bsc#1101589).\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along INTERNALDATE field\n (bsc#1101588).\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/'\n characters that may have unsafe interaction with cache pathnames\n (bsc#1101566).\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based\n buffer overflow because of incorrect sscanf usage (bsc#1101569).\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute\n arbitrary commands via backquote characters (bsc#1101573).\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails\n for messages data (bsc#1101568).\n\n Bug fixes:\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-08-06T15:13:42", "type": "suse", "title": "Security update for mutt (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-14352", "CVE-2018-14349", "CVE-2014-9116", "CVE-2018-14362", "CVE-2018-14353", "CVE-2018-14350", "CVE-2018-14360", "CVE-2018-14356", "CVE-2018-14351", "CVE-2018-14354", "CVE-2018-14363", "CVE-2018-14359", "CVE-2018-14355", "CVE-2018-14361", "CVE-2018-14358", "CVE-2018-14357"], "modified": "2018-08-06T15:13:42", "id": "OPENSUSE-SU-2018:2212-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00013.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2022-11-08T04:10:32", "description": "An update that solves 16 vulnerabilities and has 6 fixes is\n now available.\n\nDescription:\n\n This update for mutt fixes the following issues:\n\n Security issues fixed:\n\n - bsc#1101428: Mutt 1.10.1 security release update.\n - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status\n mailbox literal count size (bsc#1101583).\n - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer\n underflow (bsc#1101581).\n - CVE-2018-14362: Fix pop.c that does not forbid characters that may have\n unsafe interaction with message-cache pathnames (bsc#1101567).\n - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers\n via backquote characters (bsc#1101578).\n - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave\n room for quote characters (bsc#1101582).\n - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID\n (bsc#1101576).\n - CVE-2018-14355: Fix imap/util.c that mishandles \"..\" directory traversal\n in a mailbox name (bsc#1101577).\n - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without\n a message (bsc#1101589).\n - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along INTERNALDATE field\n (bsc#1101588).\n - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/'\n characters that may have unsafe interaction with cache pathnames\n (bsc#1101566).\n - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer\n overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based\n buffer overflow because of incorrect sscanf usage (bsc#1101569).\n - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute\n arbitrary commands via backquote characters (bsc#1101573).\n - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails\n for messages data (bsc#1101568).\n\n Bug fixes:\n\n - mutt reports as neomutt and incorrect version (bsc#1094717)\n - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517\n (bsc#980830)\n - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)\n - (neo)mutt displaying times in Zulu time (bsc#1061343)\n - mutt unconditionally segfaults when displaying a message (bsc#986534)\n - For openSUSE Leap 42.3, retain split of -lang and -doc (boo#1120935)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-52=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-17T00:00:00", "type": "suse", "title": "Security update for mutt (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9116", "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363"], "modified": "2019-01-17T00:00:00", "id": "OPENSUSE-SU-2019:0052-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DZCWXEAUIOLHKNGMVSJPJWM4CB2WNKOV/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2018-14362
