Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1103

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1103
Last Modified 26 Sep 2012 12:00:00
Published 25 Sep 2012 07:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1103

Summary

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

Vulnerable Systems

Application

  • Notmuchmail Notmuch 0.1

  • Notmuchmail Notmuch 0.1.1

  • Notmuchmail Notmuch 0.10

  • Notmuchmail Notmuch 0.10.1

  • Notmuchmail Notmuch 0.10.2

  • Notmuchmail Notmuch 0.11

  • Notmuchmail Notmuch 0.2

  • Notmuchmail Notmuch 0.3

  • Notmuchmail Notmuch 0.3.1

  • Notmuchmail Notmuch 0.4

  • Notmuchmail Notmuch 0.5

  • Notmuchmail Notmuch 0.6

  • Notmuchmail Notmuch 0.6.1

  • Notmuchmail Notmuch 0.7

  • Notmuchmail Notmuch 0.8

  • Notmuchmail Notmuch 0.9


References

BID - 52155

MLIST - [oss-security] 20120304 Re: CVE request: notmuch

MLIST - [oss-security] 20120304 CVE request: notmuch

DEBIAN - DSA-2416

SECUNIA - 48139

CONFIRM - http://notmuchmail.org/news/release-0.11.1/

CONFIRM - http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el


Last Updated: 27 May 2016 11:00:48