CVE-2006-5298

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

CVSS v2.0 1.2 LOW

1.2^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 1.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/22613
http://secunia.com/advisories/22640
http://www.ubuntu.com/usn/usn-373-1
http://secunia.com/advisories/22686
http://www.trustix.org/errata/2006/0061/
http://secunia.com/advisories/22685
http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
http://marc.info/?l=mutt-dev&m=115999486426292&w=2

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mutt:mutt:1.2.1:::::::*
	cpe:2.3:a:mutt:mutt:1.2.5:::::::*
	cpe:2.3:a:mutt:mutt:1.3.12.1:::::::*
	cpe:2.3:a:mutt:mutt:1.3.16:::::::*
	cpe:2.3:a:mutt:mutt:1.4.0:::::::*
	cpe:2.3:a:mutt:mutt:1.4.1:::::::*
	cpe:2.3:a:mutt:mutt:0.95.6:::::::*
	cpe:2.3:a:mutt:mutt:1.2.5.5:::::::*
	cpe:2.3:a:mutt:mutt:1.3.12:::::::*
	cpe:2.3:a:mutt:mutt:1.3.27:::::::*
	cpe:2.3:a:mutt:mutt:1.3.28:::::::*
	cpe:2.3:a:mutt:mutt:1.4.2.1:::::::*
	cpe:2.3:a:mutt:mutt:1.3.25:::::::*
	cpe:2.3:a:mutt:mutt::::::::
	cpe:2.3:a:mutt:mutt:1.3.22:::::::*
	cpe:2.3:a:mutt:mutt:1.2.5.12:::::::*
	cpe:2.3:a:mutt:mutt:1.2.5.1:::::::*
	cpe:2.3:a:mutt:mutt:1.2.5.4:::::::*
	cpe:2.3:a:mutt:mutt:1.3.24:::::::*
	cpe:2.3:a:mutt:mutt:1.4.2:::::::*
	cpe:2.3:a:mutt:mutt:1.3.17:::::::*
	cpe:2.3:a:mutt:mutt:1.5.3:::::::*
	cpe:2.3:a:mutt:mutt:1.2.5.12_ol:::::::*
	cpe:2.3:a:mutt:mutt:1.5.10:::::::*

Information

Published : 2006-10-16 12:07

Updated : 2016-10-17 20:41

NVD link : CVE-2006-5298

Mitre link : CVE-2006-5298

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

mutt

mutt

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/22613", "name": "22613", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22640", "name": "22640", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-373-1", "name": "USN-373-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/22686", "name": "22686", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.trustix.org/errata/2006/0061/", "name": "2006-0061", "tags": [], "refsource": "TRUSTIX"}, {"url": "http://secunia.com/advisories/22685", "name": "22685", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190", "name": "MDKSA-2006:190", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://marc.info/?l=mutt-dev&m=115999486426292&w=2", "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5298", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-10-16T19:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:0.95.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.5.12"}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mutt:mutt:1.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T03:41Z"}