|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Advisory: exmh symlink vulnerability
From: Stanley G. Bubrouski (stan
CCS.NEU.EDU)Date: Sun Dec 31 2000 - 14:32:40 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Author: Stan Bubrouski (stanccs.neu.edu)
Date: December 31, 2000
Package: exmh
Versions affected: 2.2 and probably previous versions.
Severity: A malicious local user could use a symlink attack to overwrite
any file writable by the user executing exmh.
Problem: When exmh detects a problem at startup (or possibly other times,
I don't have time to investigate) it encounters errors in its code or
configuration an error dialog comes up asking the user what happened and
giving them the option to fill in an explanation and click a button to
send the bug report via e-mail to the maintainer. If the user does
attempt to e-mail the maintainer a file named /tmp/exmhErrorMsg is created
and if the file exists and is a symlink it will follow the symlink
allowing local files to be overwritten depending on the user running exmh.
Solution: There are no known solutions at this time.
Copyright 2000 Stan Bubrouski
-- Stan Bubrouski stan
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]