Mandrake Linux Security Advisory : mutt (MDKSA-2006:190)

low Nessus Plugin ID 24575

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. (CVE-2006-5297)

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. (CVE-2006-5298)

Updated packages have been patched to correct these issues.

Solution

Update the affected mutt and/or mutt-utf8 packages.

Plugin Details

Severity: Low

ID: 24575

File Name: mandrake_MDKSA-2006-190.nasl

Version: 1.16

Type: local

Published: 2/18/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mutt, p-cpe:/a:mandriva:linux:mutt-utf8, cpe:/o:mandriva:linux:2006, cpe:/o:mandriva:linux:2007

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 10/27/2006

Reference Information

CVE: CVE-2006-5297, CVE-2006-5298

MDKSA: 2006:190