CVE-2006-5298

Sažetak

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

Reference

http://marc.info/?l=mutt-dev&m=115999486426292&w=2
http://secunia.com/advisories/22613
http://secunia.com/advisories/22640
http://secunia.com/advisories/22685
http://secunia.com/advisories/22686
http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
http://www.trustix.org/errata/2006/0061/
http://www.ubuntu.com/usn/usn-373-1

CVSS

Base:	1.2
Impact:	2.9
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-10-2016 - 03:41

Objavljeno

16-10-2006 - 19:07