CVE-2006-5297

Sažetak

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.

Reference

http://marc.info/?l=mutt-dev&m=115999486426292&w=2
http://secunia.com/advisories/22613
http://secunia.com/advisories/22640
http://secunia.com/advisories/22685
http://secunia.com/advisories/22686
http://secunia.com/advisories/25529
http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.securityfocus.com/bid/20733
http://www.trustix.org/errata/2006/0061/
http://www.ubuntu.com/usn/usn-373-1
http://www.vupen.com/english/advisories/2006/4176
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601

CVSS

Base:	1.2
Impact:	2.9
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:31

Objavljeno

16-10-2006 - 19:07