Vulnerability Details CVE-2006-5297
Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.6%
CVSS Severity
CVSS v2 Score 1.2
References
- http://marc.info/?l=mutt-dev&m=115999486426292&w=2
- http://secunia.com/advisories/22613
- http://secunia.com/advisories/22640
- http://secunia.com/advisories/22685
- http://secunia.com/advisories/22686
- http://secunia.com/advisories/25529
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
- http://www.redhat.com/support/errata/RHSA-2007-0386.html
- http://www.securityfocus.com/bid/20733
- http://www.trustix.org/errata/2006/0061/
- http://www.ubuntu.com/usn/usn-373-1
- http://www.vupen.com/english/advisories/2006/4176
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601
- http://marc.info/?l=mutt-dev&m=115999486426292&w=2
- http://secunia.com/advisories/22613
- http://secunia.com/advisories/22640
- http://secunia.com/advisories/22685
- http://secunia.com/advisories/22686
- http://secunia.com/advisories/25529
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
- http://www.redhat.com/support/errata/RHSA-2007-0386.html
- http://www.securityfocus.com/bid/20733
- http://www.trustix.org/errata/2006/0061/
- http://www.ubuntu.com/usn/usn-373-1
- http://www.vupen.com/english/advisories/2006/4176
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601
Products affected by CVE-2006-5297
-
cpe:2.3:a:mutt:mutt:0.95.6
-
cpe:2.3:a:mutt:mutt:1.2.1
-
cpe:2.3:a:mutt:mutt:1.2.5
-
cpe:2.3:a:mutt:mutt:1.2.5.1
-
cpe:2.3:a:mutt:mutt:1.2.5.12
-
cpe:2.3:a:mutt:mutt:1.2.5.12_ol
-
cpe:2.3:a:mutt:mutt:1.2.5.4
-
cpe:2.3:a:mutt:mutt:1.2.5.5
-
cpe:2.3:a:mutt:mutt:1.3.12
-
cpe:2.3:a:mutt:mutt:1.3.12.1
-
cpe:2.3:a:mutt:mutt:1.3.16
-
cpe:2.3:a:mutt:mutt:1.3.17
-
cpe:2.3:a:mutt:mutt:1.3.22
-
cpe:2.3:a:mutt:mutt:1.3.24
-
cpe:2.3:a:mutt:mutt:1.3.25
-
cpe:2.3:a:mutt:mutt:1.3.27
-
cpe:2.3:a:mutt:mutt:1.3.28
-
cpe:2.3:a:mutt:mutt:1.4.0
-
cpe:2.3:a:mutt:mutt:1.4.1
-
cpe:2.3:a:mutt:mutt:1.4.2
-
cpe:2.3:a:mutt:mutt:1.4.2.1
-
cpe:2.3:a:mutt:mutt:1.5
-
cpe:2.3:a:mutt:mutt:1.5.1
-
cpe:2.3:a:mutt:mutt:1.5.10
-
cpe:2.3:a:mutt:mutt:1.5.11
-
cpe:2.3:a:mutt:mutt:1.5.12
-
cpe:2.3:a:mutt:mutt:1.5.2
-
cpe:2.3:a:mutt:mutt:1.5.3
-
cpe:2.3:a:mutt:mutt:1.5.4
-
cpe:2.3:a:mutt:mutt:1.5.5
-
cpe:2.3:a:mutt:mutt:1.5.6
-
cpe:2.3:a:mutt:mutt:1.5.7
-
cpe:2.3:a:mutt:mutt:1.5.8
-
cpe:2.3:a:mutt:mutt:1.5.9