CVE

CVE-2007-2683

Date: (C)2007-05-15   (M)2023-12-22

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 1.5
Impact Score: 6.4
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1018066

2007-0024

BID-24192

SECUNIA-25408

SECUNIA-25515

SECUNIA-25529

SECUNIA-25546

SECUNIA-26415

OSVDB-34973

MDKSA-2007:113

RHSA-2007:0386

http://dev.mutt.org/trac/ticket/2885

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890

https://issues.rpath.com/browse/RPL-1391

mutt-gecos-bo(34441)

oval:org.mitre.oval:def:10543