Pine rpdump Symlink Arbitrary File Overwrite

2005-04-09T21:09:52
ID OSVDB:15456
Type osvdb
Reporter Imran Ghory(imranghory@gmail.com)
Modified 2005-04-09T21:09:52

Description

Vulnerability Description

Pine rdump contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user causes rdump to write to a symlink. This allows the overwriting of arbitrary files with the privileges of the user running Pine. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Pine rdump contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user causes rdump to write to a symlink. This allows the overwriting of arbitrary files with the privileges of the user running Pine. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.washington.edu/pine/ Secunia Advisory ID:14899 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0145.html