7 matches found
EUVD-2001-1066
Malware in sbrugna...
CVE-2001-1085
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...
CVE-2001-1085
CVE-2001-1085 concerns Lmail 2.7 and earlier. The vulnerability arises from a symlink attack on a temporary file, allowing local users to overwrite arbitrary files. The reports indicate local access is required; impact is partial on confidentiality, integrity, and availability per the provided me...
lmail local root exploit
lmail is vulnerable to an insecure mktemp race which allows a user to overwrite or create a files. Offending code lmail.c: define MAILTMPFILE "/tmp/rmXXXXXX" ... static char tempfname = MAILTMPFILE; ... if fseekstdin, 0L, 0 != 0 mailfile = fopenmktemptempfname, "w+"; ... Patch: s/mktemp/mkstemp/g...
Проблема символьных линков в lmail (symbolic links)
Используется mktemp...
CVE-2001-1085
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...
Lmail 2.7 - Temporary File Race Condition
Lmail 2.7 - Temporary File Race Condition // source: https://www.securityfocus.com/bid/2984/info Jon Zeeff's lmail is a local mail delivery agent LDA designed to provide mail-to-pipe and mail-to-file aliasing for smail. A race condition vulnerability exists in lmail. The lmail program makes...