Posted: Tue Oct 16, 2007 11:26 pm Post subject: [ GLSA 200710-17 ] Balsa: Buffer overflow
Gentoo Linux Security Advisory
Title: Balsa: Buffer overflow (GLSA 200710-17)
Severity: normal
Exploitable: remote
Date: October 16, 2007
Bug(s): #193179
ID: 200710-17
Synopsis
Balsa is vulnerable to a buffer overflow allowing for the user-assisted execution of arbitrary code.
Background
Balsa is a highly configurable email client for GNOME.
Affected Packages
Package: mail-client/balsa
Vulnerable: < 2.3.20
Unaffected: >= 2.3.20
Architectures: All supported architectures
Description
Evil Ninja Squirrel discovered a stack-based buffer overflow in the ir_fetch_seq() function when receiving a long response to a FETCH command (CVE-2007-5007).
Impact
A remote attacker could entice a user to connect to a malicious or compromised IMAP server, possibly leading to the execution of arbitrary code with the rights of the user running Balsa.
Workaround
There is no known workaround at this time.
Resolution
All Balsa users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/balsa-2.3.20"
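As an added example (not part of the advisory or of Gentoo's own tooling), this script applies the version ranges above to installed mail-client/balsa version strings; it handles Gentoo's _rc/_p suffixes and -rN revisions, which a plain dotted-number compare would mis-order. The version list is a constructed sample; on a real host the names would come from the package directories under /var/db/pkg/mail-client/.

```python
import re

# Ranges as stated in GLSA 200710-17: vulnerable < 2.3.20, unaffected >= 2.3.20.
UNAFFECTED_FROM = "2.3.20"

# Gentoo pre-release suffixes sort below the bare version; _p (patch level) sorts above it.
_SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, None: 4, "p": 5}

_VERSION_RE = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)"                               # dotted components, e.g. 2.3.20
    r"(?:_(?P<suffix>alpha|beta|pre|rc|p)(?P<sufnum>\d*))?"   # optional _rc1, _p2, ...
    r"(?:-r(?P<rev>\d+))?$"                                   # optional revision, e.g. -r1
)


def version_key(version: str):
    """Turn a Gentoo-style version string into a tuple that orders correctly."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(n) for n in m.group("nums").split("."))
    suffix_rank = _SUFFIX_RANK[m.group("suffix")]
    suffix_num = int(m.group("sufnum") or 0)
    revision = int(m.group("rev") or 0)
    return (nums, suffix_rank, suffix_num, revision)


def is_vulnerable(installed: str) -> bool:
    """True when the installed mail-client/balsa version is below 2.3.20."""
    return version_key(installed) < version_key(UNAFFECTED_FROM)


def audit(installed_versions):
    """Map each installed version to its status under this advisory."""
    return {v: ("vulnerable" if is_vulnerable(v) else "unaffected")
            for v in installed_versions}


if __name__ == "__main__":
    # Constructed sample input, not read from a real system.
    sample = ["2.3.17-r2", "2.3.20_rc1", "2.3.20", "2.3.20-r1", "2.4.0"]
    for version, status in audit(sample).items():
        print(f"mail-client/balsa-{version}: {status}")
```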
References
CVE-2007-5007
Last edited by GLSA on Sat Nov 01, 2008 4:22 am; edited 2 times in total