Vulnerability CVE-2012-1103

Vulnerability CVE-2012-1103

Published: 2012-09-25 Modified: 2012-09-26

Description:

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Notmuchmail -> Notmuch

References:

http://www.openwall.com/lists/oss-security/2012/03/05/6

http://www.openwall.com/lists/oss-security/2012/03/04/5

http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el

http://www.securityfocus.com/bid/52155

http://www.debian.org/security/2012/dsa-2416

http://secunia.com/advisories/48139

http://notmuchmail.org/news/release-0.11.1/

Vulnerability CVE-2012-1103

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

CWE-20

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

4.3/10

2.9/10

8.6/10

Remote

Medium

No required

Partial

None

None

Affected software

References: