Vulnerability Description
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Notmuchmail | Notmuch | <= 0.11 |
| Gnu | Emacs | - |
Related Weaknesses (CWE)
References
- http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12ffExploitPatch
- http://notmuchmail.org/news/release-0.11.1/Vendor Advisory
- http://secunia.com/advisories/48139Vendor Advisory
- http://www.debian.org/security/2012/dsa-2416
- http://www.openwall.com/lists/oss-security/2012/03/04/5ExploitPatch
- http://www.openwall.com/lists/oss-security/2012/03/05/6ExploitPatch
- http://www.securityfocus.com/bid/52155
- http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12ffExploitPatch
- http://notmuchmail.org/news/release-0.11.1/Vendor Advisory
- http://secunia.com/advisories/48139Vendor Advisory
- http://www.debian.org/security/2012/dsa-2416
- http://www.openwall.com/lists/oss-security/2012/03/04/5ExploitPatch
- http://www.openwall.com/lists/oss-security/2012/03/05/6ExploitPatch
- http://www.securityfocus.com/bid/52155
FAQ
What is CVE-2012-1103?
CVE-2012-1103 is a vulnerability with a CVSS score of 4.3 (MEDIUM). emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an e...
How severe is CVE-2012-1103?
CVE-2012-1103 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1103?
Check the references section above for vendor advisories and patch information. Affected products include: Notmuchmail Notmuch, Gnu Emacs.