Executive Summary
| Summary | |
|---|---|
| Title | elm security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2005:755 | First vendor Publication | 2005-08-23 |
| Vendor | RedHat | Last vendor Modification | 2005-08-23 |
| Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: An updated elm package is now available that fixes a buffer overflow issue for Red Hat Enterprise Linux 2.1 AS and AW. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 3. Problem description: Elm is a terminal mode email client. A buffer overflow flaw in Elm was discovered that was triggered by viewing a mailbox containing a message with a carefully crafted 'Expires' header. An attacker could create a malicious message that would execute arbitrary code with the privileges of the user who received it. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2665 to this issue. Users of Elm should update to this updated package, which contains a backported patch that corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 166580 - CAN-2005-2665 elm buffer overflow |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2005-755.html |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 18914 | ELM Expires Header Parsing Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-310-03.nasl - Type : ACT_GATHER_INFO |
| 2005-10-19 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-186.nasl - Type : ACT_GATHER_INFO |
| 2005-08-30 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-755.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:49:38 |
|
