Bug 109317 - mutt segfaults reading inbox
mutt segfaults reading inbox
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: mutt (Show other bugs)
1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-06 14:59 EST by Adrian Likins
Modified: 2014-03-16 22:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-05-27 12:02:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adrian Likins 2003-11-06 14:59:27 EST
Description of problem:
got a pile of new mail this morning. Mostly spam, when
scrolling though the index deleting everything, mutt 
segfaulted. 

Closer look seems to indicate just reading a particular
message causes a segfault. I'll attach the inbox file
that causes the crash. Just:

mutt -f /tmp/folder 

and scroll though the index.

Since this is a segfault on untrusted data, its possibly
a security issue, so flagging as such.



Version-Release number of selected component (if applicable):
[alikins@sludge alikins]$ rpm -q mutt
mutt-1.4.1-4


How reproducible:
easy

Steps to Reproduce:
see above
Comment 3 Adrian Likins 2003-11-06 15:50:21 EST
yeah, down arrow in the index view for that folder crashes for me


Hmm, weird. Trying it in a different terminal window and it
doesnt segfault. Maybe its related to term size or something
Comment 4 Mark J. Cox (Product Security) 2004-01-27 07:27:04 EST
Bill said "It was fixed in the development branch of mutt on 2002-02-13:
date: 2002/02/13 09:53:33;  author: roessler;  state: Exp;  lines: +4
-21 Fix mutt_pad_string; from Edmund Grimley Evans.  (MAY NEED TO BE
BACKPORTED.)"


Comment 5 Mark J. Cox (Product Security) 2004-01-27 07:30:02 EST
Allocated CAN-2004-0078 for this issue; treating still as embargoed
until we've backported, told vendor-sec and upstream etc.
Comment 6 Mark J. Cox (Product Security) 2004-05-27 06:36:01 EDT
Removing embargo, this became public in February:
http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933&w=2
Comment 7 Mark J. Cox (Product Security) 2004-05-27 12:02:39 EDT
closed see:
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00015.html

Note You need to log in before you can comment on or make changes to this bug.