CVE-2004-0078 | Vulnerability Database | Aqua Security

Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.

Affected Software

Name	Vendor	Start Version	End Version
Mutt	Mutt	1.2.1 (including)	1.2.1 (including)
Mutt	Mutt	1.2.5 (including)	1.2.5 (including)
Mutt	Mutt	1.2.5.1 (including)	1.2.5.1 (including)
Mutt	Mutt	1.2.5.4 (including)	1.2.5.4 (including)
Mutt	Mutt	1.2.5.5 (including)	1.2.5.5 (including)
Mutt	Mutt	1.2.5.12 (including)	1.2.5.12 (including)
Mutt	Mutt	1.2.5.12_ol (including)	1.2.5.12_ol (including)
Mutt	Mutt	1.3.12 (including)	1.3.12 (including)
Mutt	Mutt	1.3.12.1 (including)	1.3.12.1 (including)
Mutt	Mutt	1.3.16 (including)	1.3.16 (including)
Mutt	Mutt	1.3.17 (including)	1.3.17 (including)
Mutt	Mutt	1.3.22 (including)	1.3.22 (including)
Mutt	Mutt	1.3.24 (including)	1.3.24 (including)
Mutt	Mutt	1.3.25 (including)	1.3.25 (including)
Mutt	Mutt	1.3.27 (including)	1.3.27 (including)
Mutt	Mutt	1.3.28 (including)	1.3.28 (including)
Mutt	Mutt	1.4.0 (including)	1.4.0 (including)
Mutt	Mutt	1.4.1 (including)	1.4.1 (including)
Red Hat Enterprise Linux 3	RedHat	mutt-5:1.4.1-3.4	*
Red Hat Linux 9	RedHat		*

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
http://bugs.debian.org/126336
http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
http://www.osvdb.org/3918
http://www.redhat.com/support/errata/RHSA-2004-050.html
http://www.redhat.com/support/errata/RHSA-2004-051.html
http://www.securityfocus.com/bid/9641
http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053
https://exchange.xforce.ibmcloud.com/vulnerabilities/15134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
http://bugs.debian.org/126336
http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
http://www.osvdb.org/3918
http://www.redhat.com/support/errata/RHSA-2004-050.html
http://www.redhat.com/support/errata/RHSA-2004-051.html
http://www.securityfocus.com/bid/9641
http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053
https://exchange.xforce.ibmcloud.com/vulnerabilities/15134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0078
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html