Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2003-111: balsa


Vulnerability Assessment Details

RHSA-2003-111: balsa

Vulnerability Assessment Summary
Check for the version of the balsa packages

Detailed Explanation for this Vulnerability Assessment


Updated Balsa packages are available which fix potential vulnerabilities in
the IMAP handling code and in libesmtp.

Balsa is a GNOME email client which includes code from Mutt.

A potential buffer overflow exists in Balsa versions 1.2 and higher when
parsing mailbox names returned by an IMAP server. It is possible that a
hostile IMAP server could cause arbitrary code to be executed by the user
running Balsa.

Additionally, a buffer overflow in libesmtp (an SMTP library used by Balsa)
before version 0.8.11 permits a hostile remote SMTP server to execute
arbitrary code via a certain response or cause a denial of service via long
server responses.

Users of Balsa are recommended to upgrade to these erratum packages which
include updated versions of Balsa and libesmtp which are not vulnerable to
these issues.

Red Hat would like to thank CORE security for discovering the
vulnerability, and the Mutt team for providing a patch.




Solution : http://rhn.redhat.com/errata/RHSA-2003-111.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

MIXED LOT OF 4: Intel Pentium x2 G2120 SR0UF @ 3.10GHz x2 G645 2.90GHz Processor
$19.99
MIXED LOT OF 4: Intel Pentium x2 G2120 SR0UF @ 3.10GHz x2 G645 2.90GHz Processor pictureSUN CPU Module 400Mz for Ultra 5 , 501-5741 , Test PASS with 90 days warranty
$115.0
SUN CPU Module 400Mz for Ultra 5 , 501-5741 , Test PASS with 90 days warranty pictureIntel Core i7 940XM SLBSC 2.13 GHz BY80607002526AE CPU Processor 2.5 GT/s
$128.0
Intel Core i7 940XM SLBSC 2.13 GHz BY80607002526AE CPU Processor 2.5 GT/s pictureNew Allen Bradley 1756-L72 /B Pkg 2016 Logix5572 ControlLogix Processor FW 1.010
$2894.0
New Allen Bradley 1756-L72 /B Pkg 2016 Logix5572 ControlLogix Processor FW 1.010 picture


Discussions

No Discussions have been posted on this vulnerability.