Metamail Extcompose Program Symlink Vulnerability
BID:9850
Info
Metamail Extcompose Program Symlink Vulnerability
| Bugtraq ID: | 9850 |
| Class: | Race Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 12 2004 12:00AM |
| Updated: | Mar 12 2004 12:00AM |
| Credit: | Discovery is credited to Shaun Colley <[email protected]>. |
| Vulnerable: |
Metamail Metamail 2.7 |
| Not Vulnerable: | |
Discussion
Metamail Extcompose Program Symlink Vulnerability
It has been reported that Metamail extcompose program may be prone to a symbolic link vulnerability that may allow an attacker to corrupt or overwrite sensitive files. It has been reported that 'extcompose' writes output to a file specified by the user via the command line. The issue has been reported to present itself because the program creates files without verifying the existence of the specified files. A local user may leverage this condition to corrupt arbitrary files triggering a system wide denial of service or potentially elevating their system privileges.
Although unconfirmed, it has been reported that the 'extcompose.sigh' is also vulnerable to this issue.
Metamail 2.7 and prior may be prone to these issues.
It has been reported that Metamail extcompose program may be prone to a symbolic link vulnerability that may allow an attacker to corrupt or overwrite sensitive files. It has been reported that 'extcompose' writes output to a file specified by the user via the command line. The issue has been reported to present itself because the program creates files without verifying the existence of the specified files. A local user may leverage this condition to corrupt arbitrary files triggering a system wide denial of service or potentially elevating their system privileges.
Although unconfirmed, it has been reported that the 'extcompose.sigh' is also vulnerable to this issue.
Metamail 2.7 and prior may be prone to these issues.
Exploit / POC
Metamail Extcompose Program Symlink Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Metamail Extcompose Program Symlink Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Metamail Extcompose Program Symlink Vulnerability
References:
References:
- Metamail Homepage (Metamail)
- Metamail 'extcompose' script Symlink Vulnerability (Shaun Colley