Veracode Vulnerability DatabaseVERACODE:23060Privilege Escalation
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
mutt is vulnerable to privilege escalation. The vulnerability exists as a flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mutt | eq | 1.4.1__11.rhel4 | |
| mutt | eq | 1.4.1__3.5.rhel3 | |
| mutt | eq | 1.4.1__12.el4 | |
| mutt | eq | 1.4.2.2__3.el5 | |
| mutt | eq | 1.4.1__11.rhel4 | |
| mutt | eq | 1.4.1__3.5.rhel3 | |
| mutt | eq | 1.4.1__12.el4 | |
| mutt | eq | 1.4.2.2__3.el5 |
References
marc.info/?l=mutt-dev&m=115999486426292&w=2
secunia.com/advisories/22613
secunia.com/advisories/22640
secunia.com/advisories/22685
secunia.com/advisories/22686
secunia.com/advisories/25529
www.mandriva.com/security/advisories?name=MDKSA-2006:190
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2007-0386.html
www.securityfocus.com/bid/20733
www.trustix.org/errata/2006/0061/
www.ubuntu.com/usn/usn-373-1
www.vupen.com/english/advisories/2006/4176
access.redhat.com/errata/RHSA-2007:0386
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601
Related
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N