FKIE_CVE-2004-0078

Vulnerability from fkie_nvd - Published: 2004-03-03 05:00 - Updated: 2025-04-03 01:03
Summary
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
References
cve@mitre.org ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
cve@mitre.org http://bugs.debian.org/126336
cve@mitre.org http://marc.info/?l=bugtraq&m=107651677817933&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=107696262905039&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=107884956930903&w=2
cve@mitre.org http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
cve@mitre.org http://www.osvdb.org/3918
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-050.html [Patch, Vendor Advisory]
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-051.html [Patch, Vendor Advisory]
cve@mitre.org http://www.securityfocus.com/bid/9641 [Patch, Vendor Advisory]
cve@mitre.org http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/15134
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
af854a3a-2127-422b-91ae-364da2661108 http://bugs.debian.org/126336
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=107651677817933&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=107696262905039&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=107884956930903&w=2
af854a3a-2127-422b-91ae-364da2661108 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3918
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-050.html [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-051.html [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/9641 [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/15134
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838
Impacted products
Vendor Product Version
mutt mutt 1.2.1
mutt mutt 1.2.5
mutt mutt 1.2.5.1
mutt mutt 1.2.5.4
mutt mutt 1.2.5.5
mutt mutt 1.2.5.12
mutt mutt 1.2.5.12_ol
mutt mutt 1.3.12
mutt mutt 1.3.12.1
mutt mutt 1.3.16
mutt mutt 1.3.17
mutt mutt 1.3.22
mutt mutt 1.3.24
mutt mutt 1.3.25
mutt mutt 1.3.27
mutt mutt 1.3.28
mutt mutt 1.4.0
mutt mutt 1.4.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "780FC5AD-A7D9-436B-BF73-FDCDDDA9E744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "996BC5D6-427B-43D6-B4C3-4AD814C20445",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A1DB8F-6BD5-4E1F-993A-FF5D0F807D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B975F74-4B61-416B-B6B5-A36EF8123C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C891640E-91CC-495D-A7FF-454DCBF7F120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4247B37-30C6-4F19-A709-9A1D073B7AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D5465E-6782-4AC0-9ECD-AB01EB448991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FF9A116-D09D-4ADE-AA32-CAF51CE1625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDB7D3BF-06F6-4A0A-9AE4-0EEF5D8E6AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8CB6D9-30F9-4C56-9CFD-F8E526E84526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C760A5-D243-45C9-AE60-01F2703DDC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "198C2017-6101-482D-9AEF-DB052411C5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0610C44-6CD3-4448-87AF-6CDFAA1909DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "04186A67-E4A1-4A2A-B84F-585F9DD0E409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "305135F0-E414-430B-AC1A-02A311E66899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A416609-0BE7-4528-85B0-17F53DFE0D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C86071C-E508-4EFB-A98E-62CA2BEBB50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DB0D49-CD49-4EF6-9013-1B03E0D644D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el c\u00f3digo del men\u00fa de \u00edndice (menu_pad_string de menu.c) de Mutt 1.4.1 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servici\u00f3 (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario mediante ciertos mensajes de correo."
    }
  ],
  "id": "CVE-2004-0078",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/126336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3918"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9641"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/126336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

