Re: How to report Mutt security issues?
On 2005-07-14 10:48:55 -0600, Charles Cazabon wrote:
> > > I'd like to report a remotely exploitable security issue in Mutt.
> > > What is the right way to do so?
> > Was there an answer to this?
> Not that I saw.
There was an answer in private mail, to which I have not yet
received a reply.
>> While I have doubts that "remotely exploitable" is being used
>> fairly here,
> I'm not sure what you meant by this. It's entirely possible that
> a bug in mutt code (buffer overflow, etc) would allow an attacker
> to craft a message to exploit that bug and run a payload as you
> when you view that message. If that payload is `sh -c 'rm -rf
> $HOME'` or equivalent, I think you'd call that a "remotely
> exploitable" security problem.
Yup.
--
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.