Author: neilm Date: 2005-10-04 11:32:33 +0000 (Tue, 04 Oct 2005) New Revision: 2296 Added: data/DTSA/advs/20-mailutils.adv Log: Created .adv Added: data/DTSA/advs/20-mailutils.adv ==================================================================--- data/DTSA/advs/20-mailutils.adv 2005-10-04 09:54:28 UTC (rev 2295) +++ data/DTSA/advs/20-mailutils.adv 2005-10-04 11:32:33 UTC (rev 2296) @@ -0,0 +1,18 @@ +source: mailutils +date: October 4th, 2005 +author: Neil Mcgovern +vuln-type: Format string vulnerability +problem-scope: remote +debian-specifc: no +cve: CAN-2005-2878 +vendor-advisory: http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407 +testing-fix: 1:0.6.90-2.1etch1 +sid-fix: 1:0.6.90-3 +upgrade: apt-get install mailutils + +A ormat string vulnerability has been discovered in Mailutils. + +CAN-2005-2878 + A format string vulnerability in search.c in the imap4d server in GNU + Mailutils 0.6 allows remote authenticated users to execute arbitrary code via + format string specifiers in the SEARCH command.