Description
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
Product(s):
- Sylpheed-Claws 1.0.2
- Sylpheed 0.8.11
- Sylpheed 0.9.10
- Sylpheed 0.9.11
- Sylpheed 0.9.12
- Sylpheed 0.9.4
- Sylpheed 0.9.5
- Sylpheed 0.9.6
- Sylpheed 0.9.7
- Sylpheed 0.9.8
- Sylpheed 0.9.99
- Sylpheed 0.9.9
- Sylpheed 1.0.0
- Sylpheed 1.0.1
- Sylpheed 1.0.2
- ALT Linux 2.3 Compact Edition
- ALT Linux 2.3 Junior Edition
- Gentoo Linux
- Gentoo Linux 1.2
- Gentoo Linux 1.4
- Gentoo Linux 1.4 -
- Gentoo Linux 1.4 rc1
- Gentoo Linux 1.4 rc2
- Gentoo Linux 1.4 rc3
- Gentoo Linux 2.1.30 r9
- Gentoo Linux 2.2.28 r7
- Gentoo Linux 2.3.30 r2
- Red Hat Enterprise Linux 2.1 Advanced Server
- Red Hat Enterprise Linux 2.1 Advanced Server IA64
- Red Hat Enterprise Linux 2.1 Enterprise Server
- Red Hat Enterprise Linux 2.1 Enterprise Server IA64
- Red Hat Enterprise Linux 2.1 Workstation
- Red Hat Enterprise Linux 2.1 Workstation IA64
- Red Hat Fedora Core Core 3.0
- Red Hat Linux Advanced Workstation 2.1 on IA64
- Red Hat Linux Advanced Workstation 2.1 on Itanium Processor
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0667, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0667 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.