ID CVE-2006-5297
Summary Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
Vulnerable Configurations
  • cpe:2.3:a:mutt:mutt:0.95.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.5.12:*:*:*:*:*:*:*
CVSS
Base: 1.2 (as of 11-10-2017 - 01:31)
CWE NVD-CWE-Other
Access
  • Vector LOCAL
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
cvss-vector via4 AV:L/AC:H/Au:N/C:N/I:P/A:N
oval via4
accepted 2013-04-29T04:07:00.415-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
family unix
id oval:org.mitre.oval:def:10601
status accepted
submitted 2010-07-09T03:56:16-04:00
title Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
version 30
redhat via4
advisories
rhsa
id RHSA-2007:0386
rpms
  • mutt-5:1.4.1-12.0.3.el4
  • mutt-5:1.4.1-5.el3
  • mutt-5:1.4.2.2-3.0.2.el5
  • mutt-debuginfo-5:1.4.1-12.0.3.el4
  • mutt-debuginfo-5:1.4.1-5.el3
  • mutt-debuginfo-5:1.4.2.2-3.0.2.el5
refmap via4
bid 20733
mandriva MDKSA-2006:190
mlist [mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]
secunia
  • 22613
  • 22640
  • 22685
  • 22686
  • 25529
trustix 2006-0061
ubuntu USN-373-1
vupen ADV-2006-4176
statements via4
contributor Joshua Bressers
lastmodified 2007-09-07
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Last major update 11-10-2017 - 01:31
Published 16-10-2006 - 19:07
Last modified 11-10-2017 - 01:31