Mailmgr Insecure Temporary File Creation Vulnerabilities
BID:9654
Info
Mailmgr Insecure Temporary File Creation Vulnerabilities
| Bugtraq ID: | 9654 |
| Class: | Configuration Error |
| CVE: |
CVE-2004-0283 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 12 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery is credited to Marco van Berkum. |
| Vulnerable: |
Mailmgr Mailmgr 1.2.3 |
| Not Vulnerable: | |
Discussion
Mailmgr Insecure Temporary File Creation Vulnerabilities
Mailmgr is reportedly to be prone to a vulnerability related to temporary file handling. The specific issue is that a number of temporary files are created in an insecure manner, potentially providing malicious local users with an opportunity to launch symbolic link attacks and cause files to be corrupted (in the context of the user invoking the software). This would most likely result in a denial of service but could also allow for privilege escalation, though this has not been confirmed.
This issue was reported to exist in Mailmgr 1.2.3. Other versions are also likely affected.
Mailmgr is reportedly to be prone to a vulnerability related to temporary file handling. The specific issue is that a number of temporary files are created in an insecure manner, potentially providing malicious local users with an opportunity to launch symbolic link attacks and cause files to be corrupted (in the context of the user invoking the software). This would most likely result in a denial of service but could also allow for privilege escalation, though this has not been confirmed.
This issue was reported to exist in Mailmgr 1.2.3. Other versions are also likely affected.
Exploit / POC
Mailmgr Insecure Temporary File Creation Vulnerabilities
There is no exploit required.
There is no exploit required.
Solution / Fix
Mailmgr Insecure Temporary File Creation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Mailmgr Insecure Temporary File Creation Vulnerabilities
References:
References:
- Mailmgr Homepage (Mailmgr)
- Symlink vulnerabilities in mailmgr (Marco van Berkum