CVE-2006-5297 — Race Condition in Mutt

8 documents7 sources

Severity

1.2LOWNVD

EPSS

0.1%

top 71.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Debian Mutt

Timeline

PublishedOct 16

Latest updateMay 1

Description

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.

CVSS vector

AV:L/AC:H/C:N/I:P/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mutt< mutt 1.5.13-1.1 (bookworm)

▶Debianmutt/mutt< 1.5.13-1.1+3

▶NVDmutt/mutt1.5.12+23

🔴Vulnerability Details

GHSA

GHSA-p7qx-2j9h-c63p: Race condition in the safe_open function in the Mutt mail client 1↗2022-05-01

▶

OSV

CVE-2006-5297: Race condition in the safe_open function in the Mutt mail client 1↗2006-10-16

▶

📋Vendor Advisories

Ubuntu

mutt vulnerabilities↗2006-11-01

▶

Red Hat

Multiple mutt tempfile race conditions↗2006-10-04

▶

Debian

CVE-2006-5297: mutt - Race condition in the safe_open function in the Mutt mail client 1.5.12 and earl...↗2006

▶

💬Community

Bugzilla

CVE-2006-5297 Multiple mutt tempfile race conditions↗2007-07-20

▶

Bugzilla

CVE-2006-5297 Multiple mutt tempfile race conditions↗2006-10-17

▶