Bug 211085 (CVE-2006-5297) - CVE-2006-5297 Multiple mutt tempfile race conditions
Summary: CVE-2006-5297 Multiple mutt tempfile race conditions
Alias: CVE-2006-5297
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Miroslav Lichvar
QA Contact:
URL: http://marc.theaimsgroup.com/?l=mutt-...
Whiteboard: source=mutt-dev,reported=20061004,imp...
Keywords: Security
Depends On: 838048
Blocks: 213274
TreeView+ depends on / blocked
Reported: 2006-10-17 09:18 UTC by Lubomir Kundrak
Modified: 2019-06-08 12:18 UTC (History)
0 users

Clone Of:
Last Closed: 2007-06-04 08:03:39 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0386 normal SHIPPED_LIVE Moderate: mutt security update 2008-01-07 22:02:34 UTC

Description Lubomir Kundrak 2006-10-17 09:18:34 UTC
Description of problem:

Mutt contains two race condition issues in its temporary file handling system.
First one is caused by O_EXCL problem on NFS volumes (CVE-2006-5297). Second one
is lack of check of file mode and ownership of temporary file after file
creation attempt (CVE-2006-5298).                                              

Version-Release number of selected component (if applicable):

All mutt versions prior to 1.5.12
mutt 1.4.1-12.el4

How reproducible:

Racing with mutt wile it attempts to create and use a temporary file.

This [1] is how was the issue fixed in mutt's CVS, following the discussion and
patch proposal in mutt-dev mailing list [2]. Eventually review.

[1] http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/lib.c?r1=3.20&r2=3.21
[2] http://marc.theaimsgroup.com/?l=mutt-dev&m=115999486426292&w=2

Comment 1 Lubomir Kundrak 2006-10-17 09:30:22 UTC
Also Affects RHEL 2.1, RHEL 3, RHEL 4, and FC 1 to FC 5.

Comment 2 Miroslav Lichvar 2006-10-24 16:03:36 UTC
The O_EXCL on NFS issue fixed in FC5, FC6, devel.

The second issue is not actually a bug as explained later in the mailing list.

Comment 7 Red Hat Bugzilla 2007-06-04 08:03:39 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.