Lucene search

MitreCVE-2006-5298

HistoryOct 16, 2006 - 7:07 p.m.

CVE-2006-5298

2006-10-1619:07:00

mitre

web.nvd.nist.gov

mutt mail client

cve-2006-5298

file permissions

local users

race condition

security vulnerability

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

Affected configurations

Nvd

Node

muttmuttRange≤1.5.12

muttmuttMatch0.95.6

muttmuttMatch1.2.1

muttmuttMatch1.2.5

muttmuttMatch1.2.5.1

muttmuttMatch1.2.5.4

muttmuttMatch1.2.5.5

muttmuttMatch1.2.5.12

muttmuttMatch1.2.5.12_ol

muttmuttMatch1.3.12

muttmuttMatch1.3.12.1

muttmuttMatch1.3.16

muttmuttMatch1.3.17

muttmuttMatch1.3.22

muttmuttMatch1.3.24

muttmuttMatch1.3.25

muttmuttMatch1.3.27

muttmuttMatch1.3.28

muttmuttMatch1.4.0

muttmuttMatch1.4.1

muttmuttMatch1.4.2

muttmuttMatch1.4.2.1

muttmuttMatch1.5.3

muttmuttMatch1.5.10

VendorProductVersionCPE
muttmutt*cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
muttmutt0.95.6cpe:2.3:a:mutt:mutt:0.95.6:*:*:*:*:*:*:*
muttmutt1.2.1cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:*
muttmutt1.2.5cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:*
muttmutt1.2.5.1cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*
muttmutt1.2.5.4cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*
muttmutt1.2.5.5cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*
muttmutt1.2.5.12cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*
muttmutt1.2.5.12_olcpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*
muttmutt1.3.12cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mutt	mutt	*	cpe:2.3:a:mutt:mutt::::::::
mutt	mutt	0.95.6	cpe:2.3:a:mutt:mutt:0.95.6:::::::*
mutt	mutt	1.2.1	cpe:2.3:a:mutt:mutt:1.2.1:::::::*
mutt	mutt	1.2.5	cpe:2.3:a:mutt:mutt:1.2.5:::::::*
mutt	mutt	1.2.5.1	cpe:2.3:a:mutt:mutt:1.2.5.1:::::::*
mutt	mutt	1.2.5.4	cpe:2.3:a:mutt:mutt:1.2.5.4:::::::*
mutt	mutt	1.2.5.5	cpe:2.3:a:mutt:mutt:1.2.5.5:::::::*
mutt	mutt	1.2.5.12	cpe:2.3:a:mutt:mutt:1.2.5.12:::::::*
mutt	mutt	1.2.5.12_ol	cpe:2.3:a:mutt:mutt:1.2.5.12_ol:::::::*
mutt	mutt	1.3.12	cpe:2.3:a:mutt:mutt:1.3.12:::::::*