Test ID:	1.3.6.1.4.1.25623.1.0.51094
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2004:009
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2004:009. Elm is a terminal mode email user agent. The frm command is provided as part of the Elm packages and gives a script_summary( list of the sender and subject of selected messages in a mailbox or folder. A buffer overflow vulnerability was found in the frm command. An attacker could create a message with an overly long Subject line such that when the frm command is run by a victim arbitrary code is executed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0966 to this issue. Users of the frm command should update to these erratum packages, which contain a backported security patch that corrects this issue. Red Hat would like to thank Paul Rubin for discovering and disclosing this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-009.html Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 9430 Common Vulnerability Exposure (CVE) ID: CVE-2003-0966 http://www.securityfocus.com/bid/9430 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078 http://www.redhat.com/support/errata/RHSA-2004-009.html SGI Security Advisory: 20040103-01-U ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc XForce ISS Database: elm-frm-subject-bo(14840) https://exchange.xforce.ibmcloud.com/vulnerabilities/14840
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.