Vulnerability Description
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mutt | Mutt | <= 1.5.12 |
References
- http://marc.info/?l=mutt-dev&m=115999486426292&w=2
- http://secunia.com/advisories/22613
- http://secunia.com/advisories/22640
- http://secunia.com/advisories/22685
- http://secunia.com/advisories/22686
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
- http://www.trustix.org/errata/2006/0061/
- http://www.ubuntu.com/usn/usn-373-1
- http://marc.info/?l=mutt-dev&m=115999486426292&w=2
- http://secunia.com/advisories/22613
- http://secunia.com/advisories/22640
- http://secunia.com/advisories/22685
- http://secunia.com/advisories/22686
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
- http://www.trustix.org/errata/2006/0061/
FAQ
What is CVE-2006-5298?
CVE-2006-5298 is a vulnerability with a CVSS score of 1.2 (LOW). The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to cr...
How severe is CVE-2006-5298?
CVE-2006-5298 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5298?
Check the references section above for vendor advisories and patch information. Affected products include: Mutt Mutt.