CVE-2002-0001

Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449
http://marc.info/?l=bugtraq&m=100994648918287&w=2
http://online.securityfocus.com/advisories/3778
http://www.debian.org/security/2002/dsa-096	Patch
http://www.iss.net/security_center/static/7759.php
http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html
http://www.redhat.com/support/errata/RHSA-2002-003.html	Patch
http://www.securityfocus.com/bid/3774
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449
http://marc.info/?l=bugtraq&m=100994648918287&w=2
http://online.securityfocus.com/advisories/3778
http://www.debian.org/security/2002/dsa-096	Patch
http://www.iss.net/security_center/static/7759.php
http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html
http://www.redhat.com/support/errata/RHSA-2002-003.html	Patch
http://www.securityfocus.com/bid/3774

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mutt:mutt::::::::
	cpe:2.3:a:mutt:mutt::::::::

History

20 Nov 2024, 23:38

Type	Values Removed	Values Added
References	~~() ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt -~~	() ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt -
References	~~() ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc -~~	() ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc -
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449 -
References	~~() http://marc.info/?l=bugtraq&m=100994648918287&w=2 -~~	() http://marc.info/?l=bugtraq&m=100994648918287&w=2 -
References	~~() http://online.securityfocus.com/advisories/3778 -~~	() http://online.securityfocus.com/advisories/3778 -
References	~~() http://www.debian.org/security/2002/dsa-096 - Patch~~	() http://www.debian.org/security/2002/dsa-096 - Patch
References	~~() http://www.iss.net/security_center/static/7759.php -~~	() http://www.iss.net/security_center/static/7759.php -
References	~~() http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html -~~	() http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html -
References	~~() http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html -~~	() http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2002-003.html - Patch~~	() http://www.redhat.com/support/errata/RHSA-2002-003.html - Patch
References	~~() http://www.securityfocus.com/bid/3774 -~~	() http://www.securityfocus.com/bid/3774 -

Information

Published : 2002-02-27 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-0001

Mitre link : CVE-2002-0001

CVE.ORG link : CVE-2002-0001

JSON object : View

Products Affected

mutt

mutt

CWE

NVD-CWE-Other

{"id": "CVE-2002-0001", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-02-27T05:00:00.000", "references": [{"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt", "source": "cve@mitre.org"}, {"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc", "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=100994648918287&w=2", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/advisories/3778", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2002/dsa-096", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/7759.php", "source": "cve@mitre.org"}, {"url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-003.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3774", "source": "cve@mitre.org"}, {"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=100994648918287&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://online.securityfocus.com/advisories/3778", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2002/dsa-096", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/7759.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-003.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3774", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."}, {"lang": "es", "value": "Vulnerabilidad en el analizador de direcciones RFC822 de mutt (versiones 1.2.5.1 y anteriores y 1.3.x hasta la 1.3.35), permite que atacantes remotos puedan ejecutar comandos arbitrarios por medio de un comentario o frase mal terminado en la lista de direcciones."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7335B1D2-823F-404D-B6C8-7E789B20D4BD", "versionEndIncluding": "1.2.5.1"}, {"criteria": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CEA8211-EF60-4538-A263-289B7EEEF230", "versionEndIncluding": "1.3.25"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10