PT-2007-2688 · Mutt+3 · Mutt+3

Published

2007-03-06

Updated

2018-10-16

CVE-2007-1268

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mutt versions 1.5.13 and earlier

Description The issue prevents Mutt from properly distinguishing between signed and unsigned portions of OpenPGP messages with multiple components when invoking GnuPG, due to incorrect usage of the --status-fd argument. This allows remote attackers to forge the contents of a message without detection.

Recommendations For versions 1.5.13 and earlier, update to a version that properly handles the --status-fd argument when invoking GnuPG to prevent message forgery.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2015-1458

CVE-2007-1268

Affected Products

Alt Linux

Debian

Gnupg

Mutt

PT-2007-2688 · Mutt+3 · Mutt+3

CVE-2007-1268

Related Identifiers

Affected Products

References · 23