CVE-2016-6253

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox...

CVE-2016-6253

CVE-2016-6253 concerns NetBSD’s mail.local local privilege escalation. A race/symlink vulnerability in mail.local (affecting NetBSD 6.0–6.0.6, 6.1–6.1.5, and 7.0) allows a local user to change ownership of or append data to arbitrary files via the user mailbox handling. Public references document...

NetBSD mail.local - Privilege Escalation (Metasploit)

Exploit for bsd platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'NetBSD mail.local Privilege Escalation', 'Description' = %q This module...

NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'NetBSD mail.local Privilege Escalation', 'Description' = %q This module attempts to exploit a race condition in mail.local with...

NetBSD mail.local Privilege Escalation

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'NetBSD mail.local Privilege Escalation', 'Description' = %q This module attempts to exploit a race condition in mail.local with...

NetBSD mail.local Privilege Escalation

This module attempts to exploit a race condition in mail.local with SUID bit set on: NetBSD 7.0 - 7.0.1 verified on 7.0.1 NetBSD 6.1 - 6.1.5 NetBSD 6.0 - 6.0.6 Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute. This module requires...

NetBSD mail.local(8) Local Root

// Source: http://akat1.pl/?id=2 include include include include include include include include define ATRUNPATH "/usr/libexec/atrun" define MAILDIR "/var/mail" static int overwriteatrunvoid char script = "! /bin/sh\n" "cp /bin/ksh /tmp/ksh\n" "chmod +s /tmp/ksh\n"; sizet size; FILE fh; int rv =...

NetBSD - 'mail.local(8)' Local Privilege Escalation

// Source: http://akat1.pl/?id=2 include include include include include include include include define ATRUNPATH "/usr/libexec/atrun" define MAILDIR "/var/mail" static int overwriteatrunvoid char script = "! /bin/sh\n" "cp /bin/ksh /tmp/ksh\n" "chmod +s /tmp/ksh\n"; sizet size; FILE fh; int rv =...

NetBSD - mail.local(8) Local Privilege Escalation

NetBSD - mail.local8 Local Privilege Escalation // Source: http://akat1.pl/?id=2 include include include include include include include include define ATRUNPATH "/usr/libexec/atrun" define MAILDIR "/var/mail" static int overwriteatrunvoid char script = "! /bin/sh\n" "cp /bin/ksh /tmp/ksh\n" "chm...

NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)

Exploit for bsd platform in category local exploits // Source: http://akat1.pl/?id=2 include include include include include include include include define ATRUNPATH "/usr/libexec/atrun" define MAILDIR "/var/mail" static int overwriteatrunvoid char script = "! /bin/sh\n" "cp /bin/ksh /tmp/ksh\n"...

Re: Re[4]: mailbox parsing problem in imap-4.7c

3APA3A [email protected] wrote: Hello Mark, Thursday, August 10, 2000, 9:14:25 PM, you wrote: MC This is not a sendmail issue, since sendmail is an MTA, not an MDA. Sendmail MC calls MDA programs. Sendmail works splendidly for us. sendmail contains mail.local. mail.local is MDA. At least BS...

Ошибка между WU-imap И mail.local

При доставке письма в Unix mailbox mail.local считает, что разделителем между письмами является пустая строка со следующим за ней заголовком "From ". Если в письме встречается такое сочетание, то "From" комментируется знаком ''. К сожалению, imapd считает разделителем строку "From " в определенно...

Ошибки в mail.local

Некорректное использование fgets в mail.local из sendmail 8.10.0 и 8.10.1 дает возможность повредить ящик пользователя путем подмены заголовка "Content-Length: ". В более старых версиях sendmail имеется возможность вставить LMTP команды в тело письма...

poc.mail.local.txt

Proof of Concept - Security Advisory 02/15/99 http://poc.csoft.net Released by [email protected] [email protected] --- Affected Program mail.local Berkeley Sendmail Description Local mailer forward mail to mailboxes Severity Mailbox compromise Synopsis: mail.local is a small program distributed wit...