CVE-2006-5298

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

Score1.2
Access VectorLOCAL
Access ComplexityHIGH
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactNONE
Published2006-10-16 03:07:00.000-04
Last Modified2016-10-17 11:41:21.000-04

Vulnerable Software List

VendorProductVersions
Mutt Mutt 0.95.6, 1.2.1, 1.2.5, 1.2.5.1, 1.2.5.12, 1.2.5.12 ol, 1.2.5.4, 1.2.5.5, 1.3.12, 1.3.12.1, 1.3.16, 1.3.17, 1.3.22

References

SourceLink
MLIST[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]
MANDRIVAMDKSA-2006:190
TRUSTIX2006-0061
UBUNTUUSN-373-1