SB2018071922 - Fedora 27 update for mutt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018071922

SB2018071922 - Fedora 27 update for mutt

Published: July 19, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018071922
CSH Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2018-14358)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow in imap/message.c. A remote attacker can use FETCH response with a long RFC822.SIZE field, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


2) Stack-based buffer overflow (CVE-ID: CVE-2018-14352)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to imap_quote_string in imap/util.c does not leave room for quote characters. A remote attacker can use FETCH response with a long INTERNALDATE field, trigger stack-based buffer overflow and cause the service to crash.


3) Integer underflow (CVE-ID: CVE-2018-14353)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to integer underflow in imap_quote_string in imap/util.c. . A remote attacker can trigger memory corruption and cause the service to crash.


4) Privilege escalation (CVE-ID: CVE-2018-14356)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper handling of a zero-length unique identifier (UID) by the pop.c code. A local attacker can manipulate the UID value assigned to an email message and cause the service to crash or execute arbitrary code with elevated privileges.


5) Buffer overflow (CVE-ID: CVE-2018-14359)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to buffer overflow when handling malicious input. A remote attacker can use base64 data, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


6) Command injection (CVE-ID: CVE-2018-14354)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection. A remote attacker can use IMAP servers to inject and execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.


7) Path traversal (CVE-ID: CVE-2018-14355)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information cause DoS condition on the target system.

The vulnerability exists due to imap/util.c mishandles ".." directory traversal in a mailbox name. A remote attacker can conduct directory traversal attack and gain access to arbitrary data or cause the service to crash.


8) Path traversal (CVE-ID: CVE-2018-14362)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information cause DoS condition on the target system.

The vulnerability exists due to forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. A remote attacker can conduct directory traversal attack and gain access to arbitrary data or cause the service to crash.


9) Command injection (CVE-ID: CVE-2018-14357)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection. A remote attacker can use IMAP servers to inject and execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.


10) Stack-based buffer overflow (CVE-ID: CVE-2018-14350)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to stack-based buffer overflow in imap/message.c. A remote attacker can use FETCH response with a long INTERNALDATE field, trigger memory corruption and cause the service to crash.


11) Improper input validation (CVE-ID: CVE-2018-14349)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to mishandling of a NO response without a message in imap/command.c. A remote attacker can bypass security restrictions and conduct further attacks.


12) Improper input validation (CVE-ID: CVE-2018-14351)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to imap/command.c mishandles a long IMAP status mailbox literal count size. A remote attacker can supply specially crafted input and cause the service to crash.


Remediation

Install update from vendor's website.

References