Re: How to report Mutt security issues?
Derek Martin <invalid@xxxxxxxxxxxxxx> wrote:
> On Wed, Jul 13, 2005 at 12:28:27AM +0200, Frank Denis (Jedi/Sector One) wrote:
> >
> > I'd like to report a remotely exploitable security issue in Mutt.
> >
> > What is the right way to do so?
>
> Was there an answer to this?

Not that I saw.

> While I have doubts that "remotely exploitable" is being used fairly here,

I'm not sure what you meant by this. It's entirely possible that a bug in
mutt code (buffer overflow, etc) would allow an attacker to craft a message to
exploit that bug and run a payload as you when you view that message. If that
payload is `sh -c 'rm -rf $HOME'` or equivalent, I think you'd call that a
"remotely exploitable" security problem.

Whether such bugs exist is the only question, and the OP may have found
something. I await an announcement.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <muttdev@xxxxxxxxxxxxxxxxxxxx>
-----------------------------------------------------------------------