CVE Vulnerabilities

CVE-2006-5298

Published: Oct 16, 2006 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.2 LOW
AV:L/AC:H/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

Affected Software

Name Vendor Start Version End Version
Mutt Mutt * 1.5.12 (including)
Mutt Mutt 0.95.6 (including) 0.95.6 (including)
Mutt Mutt 1.2.1 (including) 1.2.1 (including)
Mutt Mutt 1.2.5 (including) 1.2.5 (including)
Mutt Mutt 1.2.5.1 (including) 1.2.5.1 (including)
Mutt Mutt 1.2.5.4 (including) 1.2.5.4 (including)
Mutt Mutt 1.2.5.5 (including) 1.2.5.5 (including)
Mutt Mutt 1.2.5.12 (including) 1.2.5.12 (including)
Mutt Mutt 1.2.5.12_ol (including) 1.2.5.12_ol (including)
Mutt Mutt 1.3.12 (including) 1.3.12 (including)
Mutt Mutt 1.3.12.1 (including) 1.3.12.1 (including)
Mutt Mutt 1.3.16 (including) 1.3.16 (including)
Mutt Mutt 1.3.17 (including) 1.3.17 (including)
Mutt Mutt 1.3.22 (including) 1.3.22 (including)
Mutt Mutt 1.3.24 (including) 1.3.24 (including)
Mutt Mutt 1.3.25 (including) 1.3.25 (including)
Mutt Mutt 1.3.27 (including) 1.3.27 (including)
Mutt Mutt 1.3.28 (including) 1.3.28 (including)
Mutt Mutt 1.4.0 (including) 1.4.0 (including)
Mutt Mutt 1.4.1 (including) 1.4.1 (including)
Mutt Mutt 1.4.2 (including) 1.4.2 (including)
Mutt Mutt 1.4.2.1 (including) 1.4.2.1 (including)
Mutt Mutt 1.5.3 (including) 1.5.3 (including)
Mutt Mutt 1.5.10 (including) 1.5.10 (including)
Mutt Ubuntu dapper *
Mutt Ubuntu devel *
Mutt Ubuntu edgy *
Mutt Ubuntu feisty *

References