CVE-2006-5298

medium

Description

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

References

http://www.ubuntu.com/usn/usn-373-1

http://www.trustix.org/errata/2006/0061/

http://www.mandriva.com/security/advisories?name=MDKSA-2006:190

http://secunia.com/advisories/22686

http://secunia.com/advisories/22685

http://secunia.com/advisories/22640

http://secunia.com/advisories/22613

http://marc.info/?l=mutt-dev&m=115999486426292&w=2

Details

Source: Mitre, NVD

Published: 2006-10-16

Updated: 2016-10-18

Risk Information

CVSS v2

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: Medium