Executive Summary

Informations
Name CVE-2007-2683 First vendor Publication 2007-05-15
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:S/C:P/I:P/A:P)
Cvss Base Score 3.5 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 1.5 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10543
 
Oval ID: oval:org.mitre.oval:def:10543
Title: Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "" characters in the GECOS field, which triggers the overflow during alias expansion.
Description: Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2683
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22532
 
Oval ID: oval:org.mitre.oval:def:22532
Title: ELSA-2007:0386: mutt security update (Moderate)
Description: Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Family: unix Class: patch
Reference(s): ELSA-2007:0386-02
CVE-2006-5297
CVE-2007-1558
CVE-2007-2683
 Version: 17
Platform(s): Oracle Linux 5
 Product(s): mutt
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for mutt MDKSA-2007:113 (mutt)
File : nvt/gb_mandriva_MDKSA_2007_113.nasl
2009-02-27 Name : Fedora Update for mutt FEDORA-2007-0001
File : nvt/gb_fedora_2007_0001_mutt_fc7.nasl
2009-02-27 Name : Fedora Update for mutt FEDORA-2007-539
File : nvt/gb_fedora_2007_539_mutt_fc6.nasl
2009-02-27 Name : Fedora Update for mutt FEDORA-2007-540
File : nvt/gb_fedora_2007_540_mutt_fc5.nasl
2008-09-04 Name : FreeBSD Ports: mutt, mutt-lite, ja-mutt, zh-mutt
File : nvt/freebsd_mutt1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
34973 Mutt GECOS Field Alias Expansion Overflow

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-0386.nasl - Type : ACT_GATHER_INFO
2012-09-24 Name : The remote Fedora host is missing a security update.
File : fedora_2007-0002.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20070604_mutt_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2007-07-30 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_863f95d33df111dcb3d30016179b2dd5.nasl - Type : ACT_GATHER_INFO
2007-06-05 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-113.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-0386.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0386.nasl - Type : ACT_GATHER_INFO
2007-06-01 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-539.nasl - Type : ACT_GATHER_INFO
2007-06-01 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-540.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://dev.mutt.org/trac/ticket/2885
http://osvdb.org/34973
http://secunia.com/advisories/25408
http://secunia.com/advisories/25515
http://secunia.com/advisories/25529
http://secunia.com/advisories/25546
http://secunia.com/advisories/26415
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.securityfocus.com/bid/24192
http://www.securitytracker.com/id?1018066
http://www.trustix.org/errata/2007/0024/
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890
https://exchange.xforce.ibmcloud.com/vulnerabilities/34441
https://issues.rpath.com/browse/RPL-1391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2024-11-28 23:17:21
  • Multiple Updates
2024-11-28 12:12:21
  • Multiple Updates
2021-05-04 12:05:47
  • Multiple Updates
2021-04-22 01:06:20
  • Multiple Updates
2020-05-23 00:19:47
  • Multiple Updates
2018-07-13 01:02:24
  • Multiple Updates
2017-10-11 09:23:57
  • Multiple Updates
2017-07-29 12:02:14
  • Multiple Updates
2016-06-28 16:29:47
  • Multiple Updates
2016-04-26 16:08:25
  • Multiple Updates
2014-02-17 10:40:12
  • Multiple Updates
2013-05-11 10:25:45
  • Multiple Updates
2012-11-07 00:15:13
  • Multiple Updates