CVE-2006-5298
EPSS 0.06%
Description
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
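The pattern named in the description (choose a name first, open it later) next to atomic creation followed by a permission check, as an added C example. It is not Mutt's code and not part of the original entry; the function names and the pre-created 0666 file are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: the name was picked earlier, the file is opened now with a
 * plain fopen(). Returns the resulting permission bits, or -1 on error. */
int mode_after_plain_fopen(const char *path)
{
    struct stat st;
    FILE *fp = fopen(path, "w");      /* silently reuses an existing file */
    if (!fp) return -1;
    int rc = fstat(fileno(fp), &st);
    fclose(fp);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Hardened pattern: create atomically, then verify what was created.
 * Returns an fd, or -1 (errno == EEXIST if the name was already taken). */
int open_private(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(fd);
        unlink(path);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: the chosen name already exists with mode 0666,
 * as if another local user had created it between the two calls. */
int precreate_weak(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0666);        /* fchmod is not subject to umask */
    close(fd);
    return rc;
}
```

With the file already present, the plain `fopen()` keeps its 0666 mode, while `open_private()` refuses the name with `EEXIST` and the caller can pick a new one.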
How to fix CVE-2006-5298
To remediate CVE-2006-5298, upgrade the affected package to a fixed version listed below.
- Debian/mutt: upgrade to 1.5.13-1.1 or later
Is CVE-2006-5298 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.5.13-1.1