CVE-2006-5298 — Race Condition in Mutt

8 documents7 sources

Severity

1.2LOWNVD

EPSS

0.1%

top 81.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Debian Mutt

Timeline

PublishedOct 16

Latest updateMay 1

Description

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

CVSS vector

AV:L/AC:H/C:N/I:P/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mutt< mutt 1.5.13-1.1 (bookworm)

▶Debianmutt/mutt< 1.5.13-1.1+3

▶NVDmutt/mutt1.5.12+23

🔴Vulnerability Details

GHSA

GHSA-c2x8-j25c-mhfm: The mutt_adv_mktemp function in the Mutt mail client 1↗2022-05-01

▶

OSV

CVE-2006-5298: The mutt_adv_mktemp function in the Mutt mail client 1↗2006-10-16

▶

📋Vendor Advisories

Ubuntu

mutt vulnerabilities↗2006-11-01

▶

Debian

CVE-2006-5298: mutt - The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not...↗2006

▶

Red Hat

CVE-2006-5298: The mutt_adv_mktemp function in the Mutt mail client 1↗

▶

💬Community

Bugzilla

CVE-2006-5297 Multiple mutt tempfile race conditions↗2007-07-20

▶

Bugzilla

CVE-2006-5297 Multiple mutt tempfile race conditions↗2006-10-17

▶