Bug 211085 (CVE-2006-5297) - CVE-2006-5297 Multiple mutt tempfile race conditions
Summary: CVE-2006-5297 Multiple mutt tempfile race conditions
Status: CLOSED ERRATA
Alias: CVE-2006-5297
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Miroslav Lichvar
QA Contact:
URL: http://marc.theaimsgroup.com/?l=mutt-...
Whiteboard: source=mutt-dev,reported=20061004,imp...
Keywords: Security
Depends On: 838048
Blocks: 213274
TreeView+ depends on / blocked
 
Reported: 2006-10-17 09:18 UTC by Lubomir Kundrak
Modified: 2019-06-08 12:18 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2007-06-04 08:03:39 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0386 normal SHIPPED_LIVE Moderate: mutt security update 2008-01-07 22:02:34 UTC

Description Lubomir Kundrak 2006-10-17 09:18:34 UTC
Description of problem:

Mutt contains two race condition issues in its temporary file handling system.
First one is caused by O_EXCL problem on NFS volumes (CVE-2006-5297). Second one
is lack of check of file mode and ownership of temporary file after file
creation attempt (CVE-2006-5298).                                              
                                        

Version-Release number of selected component (if applicable):

All mutt versions prior to 1.5.12
mutt 1.4.1-12.el4

How reproducible:

Racing with mutt wile it attempts to create and use a temporary file.
  
Fix:

This [1] is how was the issue fixed in mutt's CVS, following the discussion and
patch proposal in mutt-dev mailing list [2]. Eventually review.

[1] http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/lib.c?r1=3.20&r2=3.21
[2] http://marc.theaimsgroup.com/?l=mutt-dev&m=115999486426292&w=2

Comment 1 Lubomir Kundrak 2006-10-17 09:30:22 UTC
Also Affects RHEL 2.1, RHEL 3, RHEL 4, and FC 1 to FC 5.

Comment 2 Miroslav Lichvar 2006-10-24 16:03:36 UTC
The O_EXCL on NFS issue fixed in FC5, FC6, devel.

The second issue is not actually a bug as explained later in the mailing list.

Comment 7 Red Hat Bugzilla 2007-06-04 08:03:39 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0386.html



Note You need to log in before you can comment on or make changes to this bug.