l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
November 4: Social gathering
Next Installfest:
TBD
Latest News:
Oct. 24: LUGOD election season has begun!
Page last updated:
2004 Feb 12 17:25

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Mutt-1.4.2 fixes buffer overflow. (fwd)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Mutt-1.4.2 fixes buffer overflow. (fwd)



Since I know a lot of you guys use Mutt, thought you'd be interested in
this posting that came across Bugtraq today. Time to check your version
numbers and see if you're vulnerable :)

Shwaine

---------- Forwarded message ----------
Date: Wed, 11 Feb 2004 15:21:14 +0100
From: Thomas Roessler <roessler@does-not-exist.org>
To: BUGTRAQ@securityfocus.com
Subject: Mutt-1.4.2 fixes buffer overflow.

Mutt-1.4.2 has just been released; this version fixes a buffer
overflow that can be triggered by incoming messages.  There are
reports about spam that has actually triggered this problem and
crashed mutt.

It is recommended that users of mutt versions prior to 1.4.2 upgrade
to this version, or apply the patch included below.

Users of "unstable" mutt versions after 1.3.28 (including 1.5.*) do
not need to upgrade, as this problem had been fixed in the unstable
branch in February 2002; unfortunately, the fix was not backported
before 1.4 was released.


mutt-1.4.2 can be found at ftp://ftp.mutt.org/mutt/.

Distribution files:

  MD5 checksum                    file name             size

44fc379c317109f516894a7c3fd43cc9  diff-1.4.1i-1.4.2i.gz	(23k)
6045b47cbba8170d6a9fdccc1aa817b9  mutt-1.4.2i.tar.gz	(2.4M)

Linux distributors are expected to release updated mutt packages
shortly.


Credits:  The problem in the stable mutt code base was originally
reported to Red Hat, and was brought to my attention by Mark Cox.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0078 to this issue.

Regards,
-- 
Thomas Roessler  Personal soap box at <http://log.does-not-exist.org/>.






Index: menu.c
===================================================================
RCS file: /cvs/mutt/mutt/menu.c,v
retrieving revision 2.27.2.1
diff -u -r2.27.2.1 menu.c
--- menu.c	28 Jan 2002 10:18:50 -0000	2.27.2.1
+++ menu.c	11 Feb 2004 10:05:52 -0000
@@ -148,30 +148,13 @@
     menu->make_entry (s, l, menu, i);
 }

-void menu_pad_string (char *s, size_t l)
+void menu_pad_string (char *s, size_t n)
 {
-  size_t n = mutt_strlen (s);
   int shift = option (OPTARROWCURSOR) ? 3 : 0;
-
-  l--; /* save room for the terminal \0 */
-  if (l > COLS - shift)
-    l = COLS - shift;
+  int cols = COLS - shift;

-  /* Let's just pad the string anyway ... */
-  mutt_format_string (s, INT_MAX, l, l, 0, ' ', s, n, 1);
-  return;
-
-#if !defined (HAVE_BKGDSET) && !defined (USE_SLANG_CURSES)
-  /* we have to pad the string with blanks to the end of line */
-  if (n < l)
-  {
-    while (n < l)
-      s[n++] = ' ';
-    s[n] = 0;
-  }
-  else
-#endif
-    s[l] = 0;
+  mutt_format_string (s, n, cols, cols, 0, ' ', s, strlen (s), 1);
+  s[n - 1] = 0;
 }

 void menu_redraw_full (MUTTMENU *menu)

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.