Search for vulnerabilities
Vulnerability details: VCID-k754-95qc-aaas
Vulnerability ID VCID-k754-95qc-aaas
Aliases CVE-2006-5297
Summary Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0386
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2006-5297
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=211085
cvssv2 1.2 https://nvd.nist.gov/vuln/detail/CVE-2006-5297
Reference id Reference type URL
http://marc.info/?l=mutt-dev&m=115999486426292&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5297.json
https://api.first.org/data/v1/epss?cve=CVE-2006-5297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297
http://secunia.com/advisories/22613
http://secunia.com/advisories/22640
http://secunia.com/advisories/22685
http://secunia.com/advisories/22686
http://secunia.com/advisories/25529
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601
http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.securityfocus.com/bid/20733
http://www.trustix.org/errata/2006/0061/
http://www.ubuntu.com/usn/usn-373-1
http://www.vupen.com/english/advisories/2006/4176
211085 https://bugzilla.redhat.com/show_bug.cgi?id=211085
396104 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396104
cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:0.95.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:0.95.6:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.2.5.12:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.2.5.12_ol:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.4.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:*
CVE-2006-5297 https://nvd.nist.gov/vuln/detail/CVE-2006-5297
RHSA-2007:0386 https://access.redhat.com/errata/RHSA-2007:0386
USN-373-1 https://usn.ubuntu.com/373-1/
No exploits are available.
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2006-5297
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.10982
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.