Elm 'filter' Arbitrary Mail Disclosure Vulnerability
Info
| Bugtraq ID: | 1802 |
| Class: | Race Condition Error |
| CVE: | CVE-1999-0114 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 26 1995 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | This vulnerability was reported to bugtraq by David J Meltzer < [email protected] > on Dec 26 1995. |
| Vulnerable: | Elm Development Group ELM 2.4 |
| Not Vulnerable: | |
Discussion
Elm is a popular Unix mail client. A vulnerability exists in Elm's 'filter' utility which can grant an attacker access to any user's mail spool. By exploiting a race condition which exists in the creation of temporary files, an unauthorized user can delete an open temporary file and replace it with a symbolic link pointing to any other user's mail spool. The mailmessage function will then follow this link, and copy the contents of the victim's mail file to that of the attacker. The obvious result is that the attacker is able to read the victim's mail messages.
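The usual defence against this class of temporary-file race, shown as an added example that is not Elm's code and not part of the original advisory: create the file atomically, keep working through the open descriptor, and if the file has to be reopened by name, refuse symbolic links and confirm the name still refers to the same file. The helper names `spool_tmp_create` and `spool_tmp_reopen` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper names; not taken from Elm's source. */

/* Create the temporary file atomically. mkstemp() opens with
 * O_CREAT | O_EXCL, so a name planted in advance makes it fail instead
 * of being followed. The caller keeps the descriptor and should read
 * and write through it rather than reopening the path. */
int spool_tmp_create(char *path_template)
{
    mode_t old = umask(077);        /* owner-only permissions */
    int fd = mkstemp(path_template);
    umask(old);
    return fd;
}

/* For code that must reopen by name: refuse symbolic links and confirm
 * the name still refers to the file created earlier (same device and
 * inode as orig_fd). Returns a read-only descriptor, or -1. */
int spool_tmp_reopen(const char *path, int orig_fd)
{
    struct stat orig, now;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;                  /* missing, or a symlink (ELOOP) */
    if (fstat(orig_fd, &orig) != 0 || fstat(fd, &now) != 0 ||
        !S_ISREG(now.st_mode) ||
        orig.st_dev != now.st_dev || orig.st_ino != now.st_ino) {
        close(fd);
        return -1;                  /* a different file now has this name */
    }
    return fd;
}
```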
Exploit / POC
exploit available
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].