FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mutt -- remote code injection and path traversal vulnerability

Affected packages
mutt < 1.10.1

Details

VuXML ID a2f35081-8a02-11e8-8fa5-4437e6ad11c4
Discovery 2018-07-15
Entry 2018-07-17

Kevin J. McCarthy reports:

Fixes a remote code injection vulnerability when "subscribing" to an IMAP mailbox, either via $imap_check_subscribed, or via the <subscribe> function in the browser menu. Mutt was generating a "mailboxes" command and sending that along to the muttrc parser. However, it was not escaping "`", which executes code and inserts the result. This would allow a malicious IMAP server to execute arbitrary code (for $imap_check_subscribed).

Fixes POP body caching path traversal vulnerability.

Fixes IMAP header caching path traversal vulnerability.

CVE-2018-14349 - NO Response Heap Overflow

CVE-2018-14350 - INTERNALDATE Stack Overflow

CVE-2018-14351 - STATUS Literal Length relative write

CVE-2018-14352 - imap_quote_string off-by-one stack overflow

CVE-2018-14353 - imap_quote_string int underflow

CVE-2018-14354 - imap_subscribe Remote Code Execution

CVE-2018-14355 - STATUS mailbox header cache directory traversal

CVE-2018-14356 - POP empty UID NULL deref

CVE-2018-14357 - LSUB Remote Code Execution

CVE-2018-14358 - RFC822.SIZE Stack Overflow

CVE-2018-14359 - base64 decode Stack Overflow

CVE-2018-14362 - POP Message Cache Directory Traversal

References

CVE Name CVE-2018-14349
CVE Name CVE-2018-14350
CVE Name CVE-2018-14351
CVE Name CVE-2018-14352
CVE Name CVE-2018-14353
CVE Name CVE-2018-14354
CVE Name CVE-2018-14355
CVE Name CVE-2018-14356
CVE Name CVE-2018-14357
CVE Name CVE-2018-14358
CVE Name CVE-2018-14359
CVE Name CVE-2018-14362
URL http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html