[email protected]CVE-2007-2683

HistoryMay 15, 2007 - 9:19 p.m.

CVE-2007-2683

2007-05-1521:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2683

buffer overflow

mutt 1.4.2

gecos field

alias expansion

nvd

3.5 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via “&” characters in the GECOS field, which triggers the overflow during alias expansion.

Affected configurations

NVD

Node

muttmuttMatch1.4.2

CPENameOperatorVersion
mutt:muttmutteq1.4.2

CPE	Name	Operator	Version
mutt:mutt	mutt	eq	1.4.2

References

dev.mutt.org/trac/ticket/2885

osvdb.org/34973

secunia.com/advisories/25408

secunia.com/advisories/25515

secunia.com/advisories/25529

secunia.com/advisories/25546

secunia.com/advisories/26415

www.mandriva.com/security/advisories?name=MDKSA-2007:113

www.redhat.com/support/errata/RHSA-2007-0386.html

www.securityfocus.com/bid/24192

www.securitytracker.com/id?1018066

www.trustix.org/errata/2007/0024/

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890

exchange.xforce.ibmcloud.com/vulnerabilities/34441

issues.rpath.com/browse/RPL-1391

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543

3.5 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2007-2683

openvas11 freebsd1 prion1 cvelist1 veracode1 nessus9 ubuntucve1 debiancve1 nvd1 fedora3 redhat1 oraclelinux1 centos1