Derek Martin

Rank: #53255 of 53,635
Total CVSS: 2.4
Vulnerabilities: 2 (Low: 2)
PT-2006-6019
1.2
2006-10-16
Mutt · Mutt · CVE-2006-5297
**Name of the Vulnerable Software and Affected Versions**

Mutt versions 1.5.12 and earlier

**Description**

The issue is related to a race condition in the `safe_open` function when creating temporary files in an NFS filesystem. This allows local users to overwrite arbitrary files due to limitations of the use of the `O_EXCL` flag on NFS filesystems.

**Recommendations**

For versions 1.5.12 and earlier, consider applying configuration changes to avoid using NFS filesystems for temporary files until a patch is available. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation.
PT-2006-6020
1.2
2006-10-16
Mutt · Mutt · CVE-2006-5298
**Name of the Vulnerable Software and Affected Versions**

Mutt versions 1.5.12 and earlier

**Description**

The issue arises from the `mutt_adv_mktemp` function in the Mutt mail client, which fails to properly verify that temporary files have been created with restricted permissions. This could allow local users to create files with weak permissions via a race condition between the `mktemp` and `safe_fopen` function calls.

**Recommendations**

For versions 1.5.12 and earlier, update to a version that addresses this issue, as the current version does not properly restrict permissions for temporary files.