From owner-freebsd-security Fri Jan 4 19:27:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196]) by hub.freebsd.org (Postfix) with ESMTP id 5A54237B41D for ; Fri, 4 Jan 2002 19:27:28 -0800 (PST) Received: from pc-02 (pc02.ekahuna.com [198.144.200.197]) by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35) with ESMTP id com; Fri, 4 Jan 2002 19:27:27 -0800 From: "Philip J. Koenig" Organization: The Electric Kahuna Organization To: Tim Zingelman Date: Fri, 4 Jan 2002 19:27:28 -0800 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Security advisory SA-02:04 typo? Reply-To: pjklist@ekahuna.com Cc: security@FreeBSD.ORG Message-ID: <3C360220.17452.2C76D79@localhost> References: <3C35F700.20238.29BF6BB@localhost> In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 4 Jan 2002, at 21:07, Tim Zingelman boldly uttered: > On Fri, 4 Jan 2002, Philip J. Koenig wrote: > > > >=== FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc. > > > > > > Topic: mutt ports contain remotely exploitable buffer overflow > > > > > > Category: ports > > > Module: mutt > > > Announced: 2002-01-04 > > > Credits: Joost Pol > > > Affects: Ports collection prior to the correction date > > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) > > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) > > > FreeBSD only: NO > > > > > > I. Background > > > > > > Mutt is a small but very powerful text-based mail client for Unix > > > operating systems. > > > > > > II. Problem Description > > > > > > The mutt ports, versions prior to mutt-1.2.25_1 and > > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > > email addresses in headers. > > > > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > > be pretty old at this point. > > This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating > that the 1.2.25 port has been updated once (to repair the security issue). > This port patches the 1.2.25 source tarball rather than using the 1.2.25.1 > source tarball. > > The latest stable version of mutt available from www.mutt.org is 1.2.25.1, > and it also has the security fix. > > - Tim OK, maybe I'm misunderstanding the version numbers here. The version of mutt on my Linux box is 1.2.5i. The version on one of my FreeBSD 4 Stable boxes is 1.2.4i, on another just installed from the mutt port on the 4.4-RELEASE CD, 1.2.5i, and the mutt port just cvsup'd 4 days ago is 1.2.5i. So I assumed 1.2.5 was relatively current. I have gotten used to version numbers that increment on a column-by- column basis, not on a (I don't know the terminology here) integer- between-the-dots basis. (I realize it often does this in the *nix/open-source world.. I just forget sometimes) So if 1.2.25 is actually 11 iterations newer than 1.2.4, then I can see where I was confusing things. Looks like the FreeBSD port version of mutt just took a (borrowing a term from China) "great leap forward" then. Phil -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message