SSMTP Mail Transfer Agent Symbolic Link Vulnerability
BID:10171
Info
SSMTP Mail Transfer Agent Symbolic Link Vulnerability
| Bugtraq ID: | 10171 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2004 12:00AM |
| Updated: | Apr 19 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to [email protected]. |
| Vulnerable: |
ssmtp ssmtp 2.50.6 |
| Not Vulnerable: | |
Discussion
SSMTP Mail Transfer Agent Symbolic Link Vulnerability
It has been reported that ssmtp is prone to a symbolic link vulnerability. This issue is due to a design error that causes the application to fail to validate files before writing to them.
This issue could be leveraged to corrupt arbitrary, attacker-specified system files. It may be possible for an attacker to gain escalated privileges on the affected system; it is certainly possible to cause a system wide denial of service condition.
It has been reported that ssmtp is prone to a symbolic link vulnerability. This issue is due to a design error that causes the application to fail to validate files before writing to them.
This issue could be leveraged to corrupt arbitrary, attacker-specified system files. It may be possible for an attacker to gain escalated privileges on the affected system; it is certainly possible to cause a system wide denial of service condition.
Exploit / POC
SSMTP Mail Transfer Agent Symbolic Link Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
SSMTP Mail Transfer Agent Symbolic Link Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SSMTP Mail Transfer Agent Symbolic Link Vulnerability
References:
References: