CVE-2006-5297

critical

Description

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601

http://www.vupen.com/english/advisories/2006/4176

http://www.ubuntu.com/usn/usn-373-1

http://www.trustix.org/errata/2006/0061/

http://www.securityfocus.com/bid/20733

http://www.redhat.com/support/errata/RHSA-2007-0386.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:190

http://secunia.com/advisories/25529

http://secunia.com/advisories/22686

http://secunia.com/advisories/22685

http://secunia.com/advisories/22640

http://secunia.com/advisories/22613

http://marc.info/?l=mutt-dev&m=115999486426292&w=2

Details

Source: Mitre, NVD

Published: 2006-10-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical