gsd-2002-0001
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
Aliases
Aliases
CVE-2002-0001


To clipboard 

{
  "GSD": {
    "alias": "CVE-2002-0001",
    "description": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.",
    "id": "GSD-2002-0001",
    "references": [
      "https://www.debian.org/security/2002/dsa-096",
      "https://access.redhat.com/errata/RHSA-2002:003"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-0001"
      ],
      "details": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.",
      "id": "GSD-2002-0001",
      "modified": "2023-12-13T01:24:07.974591Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-0001",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBTL0201-011",
            "refsource": "HP",
            "url": "http://online.securityfocus.com/advisories/3778"
          },
          {
            "name": "FreeBSD-SA-02:04",
            "refsource": "FREEBSD",
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"
          },
          {
            "name": "DSA-096",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2002/dsa-096"
          },
          {
            "name": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html",
            "refsource": "CONFIRM",
            "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"
          },
          {
            "name": "CLA-2002:449",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449"
          },
          {
            "name": "mutt-address-handling-bo(7759)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/7759.php"
          },
          {
            "name": "3774",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/3774"
          },
          {
            "name": "CSSA-2002-002.0",
            "refsource": "CALDERA",
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"
          },
          {
            "name": "SuSE-SA:2002:001",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"
          },
          {
            "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2"
          },
          {
            "name": "RHSA-2002:003",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.25",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0001"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-096",
              "refsource": "DEBIAN",
              "tags": [
                "Patch"
              ],
              "url": "http://www.debian.org/security/2002/dsa-096"
            },
            {
              "name": "RHSA-2002:003",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"
            },
            {
              "name": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"
            },
            {
              "name": "SuSE-SA:2002:001",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"
            },
            {
              "name": "FreeBSD-SA-02:04",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"
            },
            {
              "name": "HPSBTL0201-011",
              "refsource": "HP",
              "tags": [],
              "url": "http://online.securityfocus.com/advisories/3778"
            },
            {
              "name": "CSSA-2002-002.0",
              "refsource": "CALDERA",
              "tags": [],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"
            },
            {
              "name": "3774",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/3774"
            },
            {
              "name": "mutt-address-handling-bo(7759)",
              "refsource": "XF",
              "tags": [],
              "url": "http://www.iss.net/security_center/static/7759.php"
            },
            {
              "name": "CLA-2002:449",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449"
            },
            {
              "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-10-18T02:15Z",
      "publishedDate": "2002-02-27T05:00Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.