Lucene search

K
cve[email protected]CVE-2006-5298
HistoryOct 16, 2006 - 7:07 p.m.

CVE-2006-5298

2006-10-1619:07:00
NVD-CWE-Other
web.nvd.nist.gov
27
mutt mail client
cve-2006-5298
file permissions
local users
race condition
security vulnerability

6.4 Medium

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

6.4 Medium

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

Related for CVE-2006-5298