SB2018073116 - Arch Linux update for neomutt
Published: July 31, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-14349)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to mishandling of a NO response without a message in imap/command.c. A remote attacker can bypass security restrictions and conduct further attacks.
2) Stack-based buffer overflow (CVE-ID: CVE-2018-14350)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to stack-based buffer overflow in imap/message.c. A remote attacker can use FETCH response with a long INTERNALDATE field, trigger memory corruption and cause the service to crash.
3) Improper input validation (CVE-ID: CVE-2018-14351)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to imap/command.c mishandles a long IMAP status mailbox literal count size. A remote attacker can supply specially crafted input and cause the service to crash.
4) Stack-based buffer overflow (CVE-ID: CVE-2018-14352)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to imap_quote_string in imap/util.c does not leave room for quote characters. A remote attacker can use FETCH response with a long INTERNALDATE field, trigger stack-based buffer overflow and cause the service to crash.
5) Integer underflow (CVE-ID: CVE-2018-14353)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to integer underflow in imap_quote_string in imap/util.c. . A remote attacker can trigger memory corruption and cause the service to crash.
6) Command injection (CVE-ID: CVE-2018-14354)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to command injection. A remote attacker can use IMAP servers to inject and execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
7) Path traversal (CVE-ID: CVE-2018-14355)
The vulnerability allows a remote attacker to obtain potentially sensitive information cause DoS condition on the target system.
The vulnerability exists due to imap/util.c mishandles ".." directory traversal in a mailbox name. A remote attacker can conduct directory traversal attack and gain access to arbitrary data or cause the service to crash.
8) Privilege escalation (CVE-ID: CVE-2018-14356)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper handling of a zero-length unique identifier (UID) by the pop.c code. A local attacker can manipulate the UID value assigned to an email message and cause the service to crash or execute arbitrary code with elevated privileges.
9) Command injection (CVE-ID: CVE-2018-14357)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to command injection. A remote attacker can use IMAP servers to inject and execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
10) Stack-based buffer overflow (CVE-ID: CVE-2018-14358)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow in imap/message.c. A remote attacker can use FETCH response with a long RFC822.SIZE field, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
11) Buffer overflow (CVE-ID: CVE-2018-14359)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to buffer overflow when handling malicious input. A remote attacker can use base64 data, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
12) Stack-based buffer overflow (CVE-ID: CVE-2018-14360)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect sscanf usage. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
13) Improper input validation (CVE-ID: CVE-2018-14361)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to nntp.c proceeds even if memory allocation fails for messages data. A remote attacker can supply specially crafted input and cause the service to crash.
14) Path traversal (CVE-ID: CVE-2018-14362)
The vulnerability allows a remote attacker to obtain potentially sensitive information cause DoS condition on the target system.
The vulnerability exists due to forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. A remote attacker can conduct directory traversal attack and gain access to arbitrary data or cause the service to crash.
15) Path traversal (CVE-ID: CVE-2018-14363)
The vulnerability allows a remote attacker to obtain potentially sensitive information cause DoS condition on the target system.
The vulnerability exists due to newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. A remote attacker can conduct directory traversal attack and gain access to arbitrary data or cause the service to crash.
Remediation
Install update from vendor's website.