Description of problem: Mutt contains two race condition issues in its temporary file handling system. First one is caused by O_EXCL problem on NFS volumes (CVE-2006-5297). Second one is lack of check of file mode and ownership of temporary file after file creation attempt (CVE-2006-5298). Version-Release number of selected component (if applicable): All mutt versions prior to 1.5.12 mutt 1.4.1-12.el4 How reproducible: Racing with mutt wile it attempts to create and use a temporary file. Fix: This [1] is how was the issue fixed in mutt's CVS, following the discussion and patch proposal in mutt-dev mailing list [2]. Eventually review. [1] http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/lib.c?r1=3.20&r2=3.21 [2] http://marc.theaimsgroup.com/?l=mutt-dev&m=115999486426292&w=2
Also Affects RHEL 2.1, RHEL 3, RHEL 4, and FC 1 to FC 5.
The O_EXCL on NFS issue fixed in FC5, FC6, devel. The second issue is not actually a bug as explained later in the mailing list.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0386.html