[Security Advisory] mutt - Mutt Buffer Overflow in mutt_substrdup() Lets Remote Users Deny Service

Security
1

Date: 12-12-2014
Severity: 2.9
Type: Remote

Summary

A remote user can send a specially crafted email that, when viewed by the target user, will cause the target user’s client to crash.

Description

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

Systems with header weeding disabled (set weed=no) are affected.

Affected Distributions

Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
http://dev.mutt.org/trac/ticket/3716
http://www.debian.org/security/2014/dsa-3083