CVE-2007-2683
Published 2007-05-15
Priority: P4 · 20 · low · 3.5 (CVSS 2.0)
Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 0.81% (52.2th percentile)
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mutt | < mutt 1.5.15+20070608-1 (bookworm) | mutt 1.5.15+20070608-1 (bookworm) |
| mutt | mutt | — | — |
| mutt | mutt | >= 0 < 1.5.15+20070608-1 | 1.5.15+20070608-1 |
| mutt | mutt | >= 0 < 1.5.15+20070608-1 | 1.5.15+20070608-1 |
| mutt | mutt | >= 0 < 1.5.15+20070608-1 | 1.5.15+20070608-1 |
| mutt | mutt | >= 0 < 1.5.15+20070608-1 | 1.5.15+20070608-1 |
CVSS provenance
nvd · v2.0 · 3.5 LOW · AV:L/AC:H/Au:S/C:P/I:P/A:P
osv · 3.5 LOW
vendor_debian · 3.5 LOW
vendor_redhat · 3.5 LOW
Red Hat
Buffer overflow in mutt's gecos structure handling
vendor_redhat·2007-05-11·CVSS 3.5
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Debian
CVE-2007-2683: mutt - Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code ...
vendor_debian·2007·CVSS 3.5
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Scope: local
bookworm: resolved (fixed in 1.5.15+20070608-1)
bullseye: resolved (fixed in 1.5.15+20070608-1)
forky: resolved (fixed in 1.5.15+20070608-1)
sid: resolved (fixed in 1.5.15+20070608-1)
trixie: resolved (fixed in 1.5.15+20070608-1)
GHSA
GHSA-c6h8-qr22-65qm: Buffer overflow in Mutt 1
ghsa_unreviewed·2022-05-01
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
OSV
CVE-2007-2683: Buffer overflow in Mutt 1
osv·2007-05-15·CVSS 3.5
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
No detection rules found.
Bugzilla
CVE-2006-5297 Multiple mutt tempfile race conditions
bugzilla·2007-07-20·CVSS 1.2
Clone for RHEL2.1
+++ This bug was initially created as a clone of Bug #211085 +++
Description of problem:
Mutt contains two race condition issues in its temporary file handling system.
First one is caused by O_EXCL problem on NFS volumes (CVE-2006-5297). Second one
is lack of check of file mode and ownership of temporary file after file
creation attempt (CVE-2006-5298).
Version-Release number of selected component (if applicable):
All mutt versions prior to 1.5.12
mutt 1.4.1-12.el4
How reproducible:
Racing with mutt while it attempts to create and use a temporary file.
Fix:
This [1] is how the issue was fixed in mutt's CVS, following the discussion and
patch proposal in mutt-dev mailing list [2]. Eventually review.
[1] http:/
Bugzilla
CVE-2007-2683 Buffer overflow in mutt's gecos structure handling
bugzilla·2007-05-11·CVSS 3.5
Description of problem:
An overflow can be caused when mutt tries to expand "&" in real name
gecos field to uppercase login, and real name string length plus login name
length is more than 256 characters.
This can be reached via two vectors -- at startup, it expands the real name of
the user launching mutt. This is only under control of the user, so to exploit
it he would have to voluntarily malform his real name field, all he'll get
would be to execute code as himself. No security impact here.
Second vector is alias expansion. If mutt user has an alias for a
local user, in form 'alias aliasname username # and thus not "alias aliasname
User Name "' mutt does exactly the same thing for username. It is
questionable how lik
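The bounds check that the report above calls for, as an added C sketch (not mutt's code and not the upstream fix). The function name `expand_gecos_name`, the `NAME_BUF` constant set to the 256 quoted in the report, the fail-closed return value and upper-casing only the first letter of the login are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256 /* limit quoted in the bug report above */

/* Expand each '&' in the real-name part of a GECOS field (the text before
 * the first comma) to the login name, first letter upper-cased (assumed).
 * Writes at most dstlen bytes including the terminator. Returns 0, or -1
 * if the expanded name does not fit; dst is then emptied, not truncated. */
int expand_gecos_name(char *dst, size_t dstlen, const char *gecos,
                      const char *login)
{
    size_t out = 0, login_len;

    if (!dst || dstlen == 0 || !gecos || !login)
        return -1;
    login_len = strlen(login);
    for (const char *p = gecos; *p && *p != ','; p++) {
        /* Bytes this character adds: the whole login for '&', else one. */
        size_t need = (*p == '&') ? login_len : 1;
        if (need > dstlen - 1 - out) { /* keep one byte for the NUL */
            dst[0] = '\0';
            return -1;
        }
        if (*p == '&') {
            memcpy(dst + out, login, login_len);
            if (login_len)
                dst[out] = (char)toupper((unsigned char)dst[out]);
        } else {
            dst[out] = *p;
        }
        out += need;
    }
    dst[out] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_BUF];
    /* Constructed sample entries, not taken from a real passwd file. */
    const char *samples[] = { "& Smith,Room 1,555-0100", "&&&&&&&&&&&&&&&&" };
    const char *login = "averyveryverylongloginname"; /* 26 bytes */
    for (size_t i = 0; i < 2; i++) {
        int rc = expand_gecos_name(name, sizeof name, samples[i], login);
        printf("rc=%d name=\"%s\"\n", rc, name);
    }
    return 0;
}
```

The check is made on the full expanded length at each `&`, so a short real name with many `&` characters is rejected just like a long one.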
http://dev.mutt.org/trac/ticket/2885
http://osvdb.org/34973
http://secunia.com/advisories/25408
http://secunia.com/advisories/25515
http://secunia.com/advisories/25529
http://secunia.com/advisories/25546
http://secunia.com/advisories/26415
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.securityfocus.com/bid/24192
http://www.securitytracker.com/id?1018066
http://www.trustix.org/errata/2007/0024/
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890
https://exchange.xforce.ibmcloud.com/vulnerabilities/34441
https://issues.rpath.com/browse/RPL-1391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543
2007-05-15
Published