ID CVE-2006-5298
Summary The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
References
Vulnerable Configurations
  • cpe:2.3:a:mutt:mutt:0.95.6
    cpe:2.3:a:mutt:mutt:0.95.6
  • cpe:2.3:a:mutt:mutt:1.2.1
    cpe:2.3:a:mutt:mutt:1.2.1
  • cpe:2.3:a:mutt:mutt:1.2.5
    cpe:2.3:a:mutt:mutt:1.2.5
  • cpe:2.3:a:mutt:mutt:1.2.5.1
    cpe:2.3:a:mutt:mutt:1.2.5.1
  • cpe:2.3:a:mutt:mutt:1.2.5.12
    cpe:2.3:a:mutt:mutt:1.2.5.12
  • cpe:2.3:a:mutt:mutt:1.2.5.12_ol
    cpe:2.3:a:mutt:mutt:1.2.5.12_ol
  • cpe:2.3:a:mutt:mutt:1.2.5.4
    cpe:2.3:a:mutt:mutt:1.2.5.4
  • cpe:2.3:a:mutt:mutt:1.2.5.5
    cpe:2.3:a:mutt:mutt:1.2.5.5
  • cpe:2.3:a:mutt:mutt:1.3.12
    cpe:2.3:a:mutt:mutt:1.3.12
  • cpe:2.3:a:mutt:mutt:1.3.12.1
    cpe:2.3:a:mutt:mutt:1.3.12.1
  • cpe:2.3:a:mutt:mutt:1.3.16
    cpe:2.3:a:mutt:mutt:1.3.16
  • cpe:2.3:a:mutt:mutt:1.3.17
    cpe:2.3:a:mutt:mutt:1.3.17
  • cpe:2.3:a:mutt:mutt:1.3.22
    cpe:2.3:a:mutt:mutt:1.3.22
  • cpe:2.3:a:mutt:mutt:1.3.24
    cpe:2.3:a:mutt:mutt:1.3.24
  • cpe:2.3:a:mutt:mutt:1.3.25
    cpe:2.3:a:mutt:mutt:1.3.25
  • cpe:2.3:a:mutt:mutt:1.3.27
    cpe:2.3:a:mutt:mutt:1.3.27
  • cpe:2.3:a:mutt:mutt:1.3.28
    cpe:2.3:a:mutt:mutt:1.3.28
  • cpe:2.3:a:mutt:mutt:1.4.0
    cpe:2.3:a:mutt:mutt:1.4.0
  • cpe:2.3:a:mutt:mutt:1.4.1
    cpe:2.3:a:mutt:mutt:1.4.1
  • cpe:2.3:a:mutt:mutt:1.4.2
    cpe:2.3:a:mutt:mutt:1.4.2
  • cpe:2.3:a:mutt:mutt:1.4.2.1
    cpe:2.3:a:mutt:mutt:1.4.2.1
  • Mutt 1.5.10
    cpe:2.3:a:mutt:mutt:1.5.10
  • Mutt 1.5.3
    cpe:2.3:a:mutt:mutt:1.5.3
  • Mutt 1.5.12
    cpe:2.3:a:mutt:mutt:1.5.12
CVSS
Base: 1.2 (as of 17-10-2006 - 09:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-373-1.NASL
    description Race conditions were discovered in mutt's handling of temporary files. Under certain conditions when using a shared temp directory (the default), other local users could overwrite arbitrary files owned by the user running mutt. This vulnerability is more likely when the temp directory is over NFS. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27954
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27954
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : mutt vulnerabilities (USN-373-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-190.NASL
    description A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. (CVE-2006-5297) The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. (CVE-2006-5298) Updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24575
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24575
    title Mandrake Linux Security Advisory : mutt (MDKSA-2006:190)
refmap via4
mandriva MDKSA-2006:190
mlist [mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]
secunia
  • 22613
  • 22640
  • 22685
  • 22686
trustix 2006-0061
ubuntu USN-373-1
statements via4
contributor Joshua Bressers
lastmodified 2007-09-07
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Last major update 17-10-2016 - 23:41
Published 16-10-2006 - 15:07
Back to Top