CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:S/C:P/I:P/A:P
EPSS
Percentile
94.6%
CentOS Errata and Security Advisory CESA-2007:0386
Mutt is a text-mode mail user agent.
A flaw was found in the way Mutt used temporary files on NFS file systems.
Due to an implementation issue in the NFS protocol, Mutt was not able to
exclusively open a new file. A local attacker could conduct a
time-dependent attack and possibly gain access to e-mail attachments opened
by a victim. (CVE-2006-5297)
A flaw was found in the way Mutt processed certain APOP authentication
requests. By sending certain responses when mutt attempted to authenticate
against an APOP server, a remote attacker could potentially acquire certain
portions of a user’s authentication credentials. (CVE-2007-1558)
A flaw was found in the way Mutt handled certain characters in gecos fields
which could lead to a buffer overflow. The gecos field is an entry in the
password database typically used to record general information about the
user. A local attacker could give themselves a carefully crafted “Real
Name” which could execute arbitrary code if a victim uses Mutt and expands
the attackers alias. (CVE-2007-2683)
All users of mutt should upgrade to this updated package, which
contains a backported patches to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-June/076030.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076031.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076032.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076033.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076034.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076035.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076036.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076037.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076038.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076039.html
Affected packages:
mutt
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0386
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | mutt | < 1.4.1-5.el3 | mutt-1.4.1-5.el3.i386.rpm |
CentOS | 3 | x86_64 | mutt | < 1.4.1-5.el3 | mutt-1.4.1-5.el3.x86_64.rpm |
CentOS | 4 | i386 | mutt | < 1.4.1-12.0.3.el4 | mutt-1.4.1-12.0.3.el4.i386.rpm |
CentOS | 4 | x86_64 | mutt | < 1.4.1-12.0.3.el4 | mutt-1.4.1-12.0.3.el4.x86_64.rpm |
CentOS | 5 | x86_64 | mutt | < 1.4.2.2-3.0.2.el5 | mutt-1.4.2.2-3.0.2.el5.x86_64.rpm |
CentOS | 5 | i386 | mutt | < 1.4.2.2-3.0.2.el5 | mutt-1.4.2.2-3.0.2.el5.i386.rpm |
CentOS | 4 | ia64 | mutt | < 1.4.1-12.0.3.el4 | mutt-1.4.1-12.0.3.el4.ia64.rpm |
CentOS | 3 | ia64 | mutt | < 1.4.1-5.el3 | mutt-1.4.1-5.el3.ia64.rpm |
CentOS | 3 | s390 | mutt | < 1.4.1-5.el3 | mutt-1.4.1-5.el3.s390.rpm |
CentOS | 3 | s390x | mutt | < 1.4.1-5.el3 | mutt-1.4.1-5.el3.s390x.rpm |