Lucene search
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2007-0386.NASLHistoryJun 04, 2007 - 12:00 a.m.
CentOS 3 / 4 / 5 : mutt (CESA-2007:0386)
2007-06-0400:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
3.5 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:S/C:P/I:P/A:P
0.088 Low
EPSS
Percentile
94.6%
An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Mutt is a text-mode mail user agent.
A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297)
A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user’s authentication credentials. (CVE-2007-1558)
A flaw was found in the way Mutt handled certain characters in gecos fields which could lead to a buffer overflow. The gecos field is an entry in the password database typically used to record general information about the user. A local attacker could give themselves a carefully crafted ‘Real Name’ which could execute arbitrary code if a victim uses Mutt and expands the attackers alias. (CVE-2007-2683)
All users of mutt should upgrade to this updated package, which contains a backported patches to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0386 and
# CentOS Errata and Security Advisory 2007:0386 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(25403);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2006-5297", "CVE-2007-1558", "CVE-2007-2683");
script_bugtraq_id(23257);
script_xref(name:"RHSA", value:"2007:0386");
script_name(english:"CentOS 3 / 4 / 5 : mutt (CESA-2007:0386)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An updated mutt package that fixes several security bugs is now
available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Mutt is a text-mode mail user agent.
A flaw was found in the way Mutt used temporary files on NFS file
systems. Due to an implementation issue in the NFS protocol, Mutt was
not able to exclusively open a new file. A local attacker could
conduct a time-dependent attack and possibly gain access to e-mail
attachments opened by a victim. (CVE-2006-5297)
A flaw was found in the way Mutt processed certain APOP authentication
requests. By sending certain responses when mutt attempted to
authenticate against an APOP server, a remote attacker could
potentially acquire certain portions of a user's authentication
credentials. (CVE-2007-1558)
A flaw was found in the way Mutt handled certain characters in gecos
fields which could lead to a buffer overflow. The gecos field is an
entry in the password database typically used to record general
information about the user. A local attacker could give themselves a
carefully crafted 'Real Name' which could execute arbitrary code if a
victim uses Mutt and expands the attackers alias. (CVE-2007-2683)
All users of mutt should upgrade to this updated package, which
contains a backported patches to correct these issues."
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013868.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?dd0b0883"
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013869.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?9936db1e"
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013870.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?5cb89483"
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013871.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?51345981"
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013872.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?bb361ced"
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013873.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?cfe13dce"
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013874.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?74e7828b"
);
# https://lists.centos.org/pipermail/centos-announce/2007-June/013875.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?8e015e59"
);
script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mutt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/16");
script_set_attribute(attribute:"patch_publication_date", value:"2007/06/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/04");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x / 5.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-3", reference:"mutt-1.4.1-5.el3")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mutt-1.4.1-12.0.3.el4")) flag++;
if (rpm_check(release:"CentOS-5", reference:"mutt-1.4.2.2-3.0.2.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mutt");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683
www.nessus.org/u?51345981
www.nessus.org/u?5cb89483
www.nessus.org/u?74e7828b
www.nessus.org/u?8e015e59
www.nessus.org/u?9936db1e
www.nessus.org/u?bb361ced
www.nessus.org/u?cfe13dce
www.nessus.org/u?dd0b0883
Related
oraclelinux
oraclelinux
Moderate: mutt security update
2007-06-04 00:00:00
Moderate: fetchmail security update
2007-06-07 00:00:00
Moderate: evolution security update
2007-05-17 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0386)
2015-10-08 00:00:00
Fedora Update for mutt FEDORA-2007-540
2009-02-27 00:00:00
Fedora Update for mutt FEDORA-2007-540
2009-02-27 00:00:00
redhat
redhat
(RHSA-2007:0386) Moderate: mutt security update
2007-06-04 00:00:00
(RHSA-2007:0344) Moderate: evolution-data-server security update
2007-05-30 00:00:00
(RHSA-2007:0353) Moderate: evolution security update
2007-05-17 00:00:00
nessus
nessus
Scientific Linux Security Update : mutt on SL5.x, SL4.x, SL3.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 3 / 4 / 5 : mutt (ELSA-2007-0386)
2013-07-12 00:00:00
RHEL 3 / 4 / 5 : mutt (RHSA-2007:0386)
2007-06-04 00:00:00
centos
centos
mutt security update
2007-06-04 09:31:21
evolution security update
2007-05-31 10:11:00
fetchmail, fetchmailconf security update
2007-06-07 23:22:58
fedora
fedora
[SECURITY] Fedora Core 5 Update: mutt-1.4.2.1-8.fc5
2007-05-30 18:27:54
[SECURITY] Fedora Core 6 Update: mutt-1.4.2.3-1.fc6
2007-05-30 18:26:17
[SECURITY] Fedora 7 Update: mutt-1.5.14-4.fc7
2007-05-31 18:07:48
veracode
veracode
Privilege Escalation
2020-04-10 00:14:42
Arbitrary Code Execution
2020-04-10 00:14:43
Information Disclosure
2020-04-10 00:14:27
debiancve
debiancve
cve
cve
cvelist
cvelist
ubuntucve
ubuntucve
nvd
nvd
freebsd
freebsd
mutt -- buffer overflow vulnerability
2007-05-28 00:00:00
claws-mail -- APOP vulnerability
2007-04-02 00:00:00
fetchmail -- insecure APOP authentication
2007-04-06 00:00:00
prion
prion
Buffer overflow
2007-05-15 21:19:00
Code injection
2007-04-16 22:19:00
jvn
jvn
JVN#19445002 APOP password recovery vulnerability
2007-04-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package fetchmail version 6.3.8-alt1
2007-04-07 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-15
2007-06-01 00:00:00
Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
2007-06-05 00:00:00
mozilla
mozilla
Security Vulnerability in APOP Authentication — Mozilla
2007-05-30 00:00:00
ubuntu
ubuntu
mutt vulnerabilities
2006-11-01 00:00:00
fetchmail vulnerabilities
2007-09-26 00:00:00
Thunderbird vulnerabilities
2007-06-06 00:00:00
debian
debian
[SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities
2007-06-13 17:34:11
[SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities
2007-06-07 20:16:43
osv
osv
icedove - several vulnerabilities
2007-06-13 00:00:00
iceape
2007-06-07 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-06-19 00:00:00
suse
suse
remote code execution in mozilla,MozillaFirefox,MozillaThunderbird
2007-06-27 15:10:40
3.5 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:S/C:P/I:P/A:P
0.088 Low
EPSS
Percentile
94.6%
Related for CENTOS_RHSA-2007-0386.NASL