CVE-2006-5297 - Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating t

CVE-2006-5297

Summary

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. Race Condition occurs when creating temporary files in an NFS filesystem.

References

Vulnerable Configurations

cpe:2.3:a:mutt:mutt:0.95.6:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:0.95.6:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.11:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.11:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.12:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.12:*:*:*:*:*:*:*

CVSS

Base:	1.2 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:H/Au:N/C:N/I:P/A:N

oval via4

accepted

2013-04-29T04:07:00.415-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10601

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2007:0386

rpms

mutt-5:1.4.1-12.0.3.el4
mutt-5:1.4.1-5.el3
mutt-5:1.4.2.2-3.0.2.el5
mutt-debuginfo-5:1.4.1-12.0.3.el4
mutt-debuginfo-5:1.4.1-5.el3
mutt-debuginfo-5:1.4.2.2-3.0.2.el5

refmap via4

bid	20733
mandriva	MDKSA-2006:190
mlist	[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]
secunia	22613 22640 22685 22686 25529
trustix	2006-0061
ubuntu	USN-373-1
vupen	ADV-2006-4176

statements via4

contributor	Joshua Bressers
lastmodified	2007-09-07
organization	Red Hat
statement	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.

Last major update

11-10-2017 - 01:31

Published

16-10-2006 - 19:07

Last modified

11-10-2017 - 01:31