FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2683

This CVE name corresponds to:

Entered     Topic
2007-07-29  mutt -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2007-2683
Phase  Assigned (20070515)

Description

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

References

Source    Reference
MISC      http://dev.mutt.org/trac/ticket/2885
CONFIRM   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890
CONFIRM   https://issues.rpath.com/browse/RPL-1391
MANDRIVA  MDKSA-2007:113
REDHAT    RHSA-2007:0386
TRUSTIX   2007-0024
BID       24192
OSVDB     34973
OVAL      oval:org.mitre.oval:def:10543
SECTRACK  1018066
SECUNIA   25408
SECUNIA   25529
SECUNIA   25515
SECUNIA   25546
SECUNIA   26415
XF        mutt-gecos-bo(34441)