CVE-ID

CVE-2002-0001

Description
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020101
Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20050707)
Votes (Legacy)
ACCEPT(4) Baker, Cole, Green, Wall
MODIFY(1) Frech
NOOP(2) Christey, Foat
Comments (Legacy)
 Christey> I need to review this for accuracy; is it just a buffer
   overflow?  See Mark Cox' comments in his "Chinese Whisper"
   article.
 Frech> XF:mutt-address-handling-bo(7759)
 Christey> See Caldera advisory for a good, short description of the
   issue.
   BID:3774
   URL:http://www.securityfocus.com/bid/3774
   SUSE:SuSE-SA:2002:001
   URL:http://www.suse.de/de/support/security/2002_001_mutt_txt.html
   CONECTIVA:CLA-2002:449
   DEBIAN:DSA-096
   FREEBSD:FreeBSD-SA-02:04
   HP:HPSBTL0201-011
   URL:http://online.securityfocus.com/advisories/3778
   CALDERA:CSSA-2002-002.0
   URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-002.0.txt

Proposed (Legacy)
20020131
This is an entry on the CVE list, which standardizes names for security problems.