PT-2003-1019 · Debian+1
Alberto Solino +3 · Published 2003-03-21 · Updated 2017-10-11 · CVE-2003-0140
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libesmtp version 0.8.12
mutt versions 1.4.0 through 1.5.3
Balsa version 2.0.10 and earlier
Description
The issue concerns multiple vulnerabilities in certain packages of Red Hat Linux and Debian GNU/Linux operating systems, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in Mutt and possibly other programs that use Mutt code allows a remote malicious IMAP server to cause a denial of service and possibly execute arbitrary code via a crafted folder.
Recommendations
For libesmtp version 0.8.12, update to a newer version to mitigate the risk.
For mutt versions 1.4.0 through 1.5.3, update to version 1.5.4 or later to resolve the issue.
For Balsa version 2.0.10 and earlier, update to version 2.0.11 or later to fix the vulnerability.
As a temporary workaround, consider restricting access to the IMAP server to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Debian
Red Hat