CVE-2006-5298

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

Affected Software

Name	Vendor	Start Version	End Version
Mutt	Mutt	*	1.5.12 (including)
Mutt	Mutt	0.95.6 (including)	0.95.6 (including)
Mutt	Mutt	1.2.1 (including)	1.2.1 (including)
Mutt	Mutt	1.2.5 (including)	1.2.5 (including)
Mutt	Mutt	1.2.5.1 (including)	1.2.5.1 (including)
Mutt	Mutt	1.2.5.4 (including)	1.2.5.4 (including)
Mutt	Mutt	1.2.5.5 (including)	1.2.5.5 (including)
Mutt	Mutt	1.2.5.12 (including)	1.2.5.12 (including)
Mutt	Mutt	1.2.5.12_ol (including)	1.2.5.12_ol (including)
Mutt	Mutt	1.3.12 (including)	1.3.12 (including)
Mutt	Mutt	1.3.12.1 (including)	1.3.12.1 (including)
Mutt	Mutt	1.3.16 (including)	1.3.16 (including)
Mutt	Mutt	1.3.17 (including)	1.3.17 (including)
Mutt	Mutt	1.3.22 (including)	1.3.22 (including)
Mutt	Mutt	1.3.24 (including)	1.3.24 (including)
Mutt	Mutt	1.3.25 (including)	1.3.25 (including)
Mutt	Mutt	1.3.27 (including)	1.3.27 (including)
Mutt	Mutt	1.3.28 (including)	1.3.28 (including)
Mutt	Mutt	1.4.0 (including)	1.4.0 (including)
Mutt	Mutt	1.4.1 (including)	1.4.1 (including)
Mutt	Mutt	1.4.2 (including)	1.4.2 (including)
Mutt	Mutt	1.4.2.1 (including)	1.4.2.1 (including)
Mutt	Mutt	1.5.3 (including)	1.5.3 (including)
Mutt	Mutt	1.5.10 (including)	1.5.10 (including)
Mutt	Ubuntu	dapper	*
Mutt	Ubuntu	devel	*
Mutt	Ubuntu	edgy	*
Mutt	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5298
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References