Gentoo update for Mutt, NeoMutt
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 |
| CWE-ID | CWE-20 CWE-121 CWE-191 CWE-77 CWE-22 CWE-264 CWE-120 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU14136
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14349
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to mishandling of a NO response without a message in imap/command.c. A remote attacker can bypass security restrictions and conduct further attacks.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU14137
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14350
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to stack-based buffer overflow in imap/message.c. A remote attacker can use FETCH response with a long INTERNALDATE field, trigger memory corruption and cause the service to crash.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU14138
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14351
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to imap/command.c mishandles a long IMAP status mailbox literal count size. A remote attacker can supply specially crafted input and cause the service to crash.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU14139
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14352
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to imap_quote_string in imap/util.c does not leave room for quote characters. A remote attacker can use FETCH response with a long INTERNALDATE field, trigger stack-based buffer overflow and cause the service to crash.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer underflow
EUVDB-ID: #VU14140
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14353
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to integer underflow in imap_quote_string in imap/util.c. . A remote attacker can trigger memory corruption and cause the service to crash.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Command injection
EUVDB-ID: #VU14141
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14354
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to command injection. A remote attacker can use IMAP servers to inject and execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Path traversal
EUVDB-ID: #VU14142
Risk: Low
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14355
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information cause DoS condition on the target system.
The vulnerability exists due to imap/util.c mishandles ".." directory traversal in a mailbox name. A remote attacker can conduct directory traversal attack and gain access to arbitrary data or cause the service to crash.
Update the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Privilege escalation
EUVDB-ID: #VU13970
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14356
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper handling of a zero-length unique identifier (UID) by the pop.c code. A local attacker can manipulate the UID value assigned to an email message and cause the service to crash or execute arbitrary code with elevated privileges.
Update the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Command injection
EUVDB-ID: #VU14143
Risk: Low
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14357
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to command injection. A remote attacker can use IMAP servers to inject and execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Stack-based buffer overflow
EUVDB-ID: #VU14144
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-14358
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow in imap/message.c. A remote attacker can use FETCH response with a long RFC822.SIZE field, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU14145
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-14359
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to buffer overflow when handling malicious input. A remote attacker can use base64 data, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Path traversal
EUVDB-ID: #VU14148
Risk: Low
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14362
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information cause DoS condition on the target system.
The vulnerability exists due to forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. A remote attacker can conduct directory traversal attack and gain access to arbitrary data or cause the service to crash.
MitigationUpdate the affected packages.
net-client/mutt to version: 1.10-1
mail-client/neomutt to version: 20180716
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201810-07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
