Linux pop3d Arbitrary Mail File Access

1995-12-22T17:35:01
ID OSVDB:5857
Type osvdb
Reporter David J Meltzer (davem+@andrew.cmu.edu)
Modified 1995-12-22T17:35:01

Description

Vulnerability Description

pop3d contains a flaw that allows a malicious user to access arbitrary mail files. The issue is caused by the use of mktemp() to create temporary files in /tmp. A local attacker can use this to read the mail currently being processed by the pop3d daemon. This flaw may lead to a loss of confidentiality.
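The temporary-file pattern described above next to a hardened form, as an added example that is not pop3d's code. The advisory does not show the daemon's source, so `open_tmp_racy` is a reconstruction of the general name-first, open-later pattern, and the function names and the `/tmp/pop3d-demo-XXXXXX` template are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern (reconstruction, not pop3d's code): the name is already
 * fixed, as mktemp() would return it, and is opened later without O_EXCL. */
static int open_tmp_racy(const char *path) {
    return open(path, O_RDWR | O_CREAT, 0600);
}

/* Hardened pattern: mkstemp() chooses the name and creates the file in one
 * step (O_EXCL, mode 0600). Drop the name, then check what we hold. */
static int open_tmp_safe(void) {
    char path[] = "/tmp/pop3d-demo-XXXXXX"; /* constructed template */
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path); /* descriptor stays usable, /tmp keeps no entry */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || (st.st_mode & 077)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a file already sits at the chosen path with mode
 * 0644. Returns 1 if the racy open adopts it, permissions and all. */
static int racy_adopts_existing_file(void) {
    char path[] = "/tmp/pop3d-demo-XXXXXX";
    struct stat st;
    int planted = mkstemp(path); /* stands in for another local user */
    if (planted < 0) return -1;
    fchmod(planted, 0644);
    int fd = open_tmp_racy(path); /* succeeds; the 0600 argument is ignored */
    int adopted = fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0044) == 0044;
    if (fd >= 0) close(fd);
    close(planted);
    unlink(path);
    return adopted;
}

int main(void) {
    int fd = open_tmp_safe();
    printf("racy adopted: %d, safe private: %d\n", racy_adopts_existing_file(), fd >= 0);
    if (fd >= 0) close(fd);
    return 0;
}
```
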

Solution Description

Upgrade to Slackware 3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/1995_4/0168.html
ISS X-Force ID: 418
CVE-1999-0242