CVE-2006-5297

Description

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.

How to fix CVE-2006-5297

To remediate CVE-2006-5297, upgrade the affected package to a fixed version below.

• Debian/mutt—upgrade to 1.5.13-1.1 or later

Is CVE-2006-5297 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.5.13-1.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-5297