#VU29425 Code injection in Mutt


Published: 2020-07-01

Vulnerability identifier: #VU29425

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14954

CWE-ID: CWE-74

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mutt
Client/Desktop applications / Office applications

Vendor: Mutt.org

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insecure implementation of the STARTTLS buffering for IMAP, SMTP, and POP3 protocols. A remote attacker can inject arbitrary data into the TLS context during MitM attack, e.g. perform a response injection attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mutt: 1.14 - 1.14.3

External links
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html
http://www.mutt.org/
http://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc
http://github.com/neomutt/neomutt/releases/tag/20200619
http://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
http://gitlab.com/muttmua/mutt/-/issues/248
http://www.debian.org/security/2020/dsa-4707
http://www.debian.org/security/2020/dsa-4708

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler update for mutt
Gentoo update for Mutt, Neomutt
OpenSUSE Linux update for mutt
OpenSUSE Linux update for mutt
MitM attack in Mutt
Debian update for neomutt