Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.

Mutt has a buffer overflow in IMAP namespace parsing code which may open a possible remote vulnerability. (CVE-2006-3242)

TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If an user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Mutt had a buffer overflow in IMAP namespace parsing code which may open a possible remote vulnerability (CVE-2006-3242).

It was discovered that the mutt mail reader performs insufficient validation of values returned from an IMAP server, which might overflow a buffer and potentially lead to the injection of arbitrary code.

New mutt packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible security issue.

Updated mutt packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Mutt is a text-mode mail user agent.

A buffer overflow flaw was found in the way Mutt processes an overly long namespace from a malicious imap server. In order to exploit this flaw a user would have to use Mutt to connect to a malicious IMAP server. (CVE-2006-3242)

Users of Mutt are advised to upgrade to these erratum packages, which contain a backported patch to correct this issue.

SecurityFocus reports :

Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.

A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.

Updated packages have been patched to address this issue.

The remote host is affected by the vulnerability described in GLSA-200606-27 (Mutt: Buffer overflow)

    TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in     the 'browse_get_namespace()' function in browse.c, which can be     triggered when receiving an overly long namespace from an IMAP server.
  Impact :

    A malicious IMAP server can send an overly long namespace to Mutt in     order to crash the application, and possibly execute arbitrary code     with the permissions of the user running Mutt.
  Workaround :

    There is no known workaround at this time.

The remote host is running a version of the Mutt email client that contains a buffer overflow. It is alleged that an attacker exploiting this flaw would be able to execute arbitrary code on the remote system.

ID	Name	Product	Family	Severity
41094	SuSE9 Security Update : mutt (YOU Patch Number 11094)	Nessus	SuSE Local Security Checks	high
27882	Ubuntu 5.04 / 5.10 / 6.06 LTS : mutt vulnerability (USN-307-1)	Nessus	Ubuntu Local Security Checks	high
27353	openSUSE 10 Security Update : mutt (mutt-1701)	Nessus	SuSE Local Security Checks	high
22650	Debian DSA-1108-1 : mutt - buffer overflow	Nessus	Debian Local Security Checks	high
22098	Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : mutt (SSA:2006-207-01)	Nessus	Slackware Local Security Checks	high
22045	RHEL 2.1 / 3 / 4 : mutt (RHSA-2006:0577)	Nessus	Red Hat Local Security Checks	high
22039	CentOS 3 / 4 : mutt (CESA-2006:0577)	Nessus	CentOS Local Security Checks	high
21790	FreeBSD : mutt -- Remote Buffer Overflow Vulnerability (d2a43243-087b-11db-bc36-0008743bf21a)	Nessus	FreeBSD Local Security Checks	high
21777	Mandrake Linux Security Advisory : mutt (MDKSA-2006:115)	Nessus	Mandriva Local Security Checks	high
21773	GLSA-200606-27 : Mutt: Buffer overflow	Nessus	Gentoo Local Security Checks	high
3172	Mutt < 1.5.11 imap/browse.c Remote Overflow	Nessus Network Monitor	SMTP Clients	high

Detections

Analytics

CVE-2006-3242

critical

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high