CVE-2006-5298: Race Condition
First published: Mon Oct 16 2006(Updated: )
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mutt | =1.3.12.1 | |
| Mutt | =1.2.5.5 | |
| Mutt | =0.95.6 | |
| Mutt | =1.3.27 | |
| Mutt | =1.4.2.1 | |
| Mutt | =1.3.16 | |
| Mutt | =1.2.5 | |
| Mutt | =1.3.25 | |
| Mutt | =1.4.1 | |
| Mutt | <=1.5.12 | |
| Mutt | =1.3.22 | |
| Mutt | =1.2.5.12 | |
| Mutt | =1.2.5.1 | |
| Mutt | =1.2.5.4 | |
| Mutt | =1.3.28 | |
| Mutt | =1.3.24 | |
| Mutt | =1.4.0 | |
| Mutt | =1.2.1 | |
| Mutt | =1.4.2 | |
| Mutt | =1.3.17 | |
| Mutt | =1.5.3 | |
| Mutt | =1.2.5.12_ol | |
| Mutt | =1.3.12 | |
| Mutt | =1.5.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/22613
- http://secunia.com/advisories/22640
- http://www.ubuntu.com/usn/usn-373-1
- http://secunia.com/advisories/22686
- http://www.trustix.org/errata/2006/0061/
- http://secunia.com/advisories/22685
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
- http://marc.info/?l=mutt-dev&m=115999486426292&w=2
Frequently Asked Questions
What is the severity of CVE-2006-5298?
CVE-2006-5298 is considered to have a moderate severity due to the potential for local users to exploit file permissions.
How do I fix CVE-2006-5298?
To mitigate CVE-2006-5298, update Mutt to version 1.5.12 or later where the issue is resolved.
Which versions of Mutt are affected by CVE-2006-5298?
CVE-2006-5298 affects Mutt versions prior to 1.5.12, including versions like 1.3.12 and 1.4.2.1.
What type of vulnerability is CVE-2006-5298?
CVE-2006-5298 is a local file permission vulnerability caused by a race condition.
Can a remote attacker exploit CVE-2006-5298?
No, CVE-2006-5298 can only be exploited by local users who have access to the affected system.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mutt
- canonical/mutt
- version/mutt/1.3.12.1
- version/mutt/1.2.5.5
- version/mutt/0.95.6
- version/mutt/1.3.27
- version/mutt/1.4.2.1
- version/mutt/1.3.16
- version/mutt/1.2.5
- version/mutt/1.3.25
- version/mutt/1.4.1
- version/mutt/1.5.12
- version/mutt/1.3.22
- version/mutt/1.2.5.12
- version/mutt/1.2.5.1
- version/mutt/1.2.5.4
- version/mutt/1.3.28
- version/mutt/1.3.24
- version/mutt/1.4.0
- version/mutt/1.2.1
- version/mutt/1.4.2
- version/mutt/1.3.17
- version/mutt/1.5.3
- version/mutt/1.2.5.12_ol
- version/mutt/1.3.12
- version/mutt/1.5.10