Mandrake Linux Security Advisory : mutt (MDKSA-2006:190)

Low Nessus Plugin ID 24575


The remote Mandrake Linux host is missing one or more security updates.


A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. (CVE-2006-5297)

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. (CVE-2006-5298)

Updated packages have been patched to correct these issues.


Update the affected mutt and/or mutt-utf8 packages.

Plugin Details

Severity: Low

ID: 24575

File Name: mandrake_MDKSA-2006-190.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2007/02/18

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mutt, p-cpe:/a:mandriva:linux:mutt-utf8, cpe:/o:mandriva:linux:2006, cpe:/o:mandriva:linux:2007

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2006/10/27

Reference Information

CVE: CVE-2006-5297, CVE-2006-5298

MDKSA: 2006:190