[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : exmh symlink vulnerability

Title: exmh symlink vulnerability
Released by: Stan Bubrouski
Date: 31st December 2000
Printable version: Click here
Author:   Stan Bubrouski (stan@ccs.neu.edu)

Date:   December 31, 2000

Package:  exmh

Versions affected:  2.2 and probably previous versions.

Severity:  A malicious local user could use a symlink attack to overwrite

           any file writable by the user executing exmh.

Problem: When exmh detects a problem at startup (or possibly other times,

I don't have time to investigate) it encounters errors in its code or

configuration an error dialog comes up asking the user what happened and

giving them the option to fill in an explanation and click a button to

send the bug report via e-mail to the maintainer.  If the user does

attempt to e-mail the maintainer a file named /tmp/exmhErrorMsg is created

and if the file exists and is a symlink it will follow the symlink

allowing local files to be overwritten depending on the user running exmh.

Solution: There are no known solutions at this time.

Copyright 2000 Stan Bubrouski


Stan Bubrouski                                       stan@ccs.neu.edu

316 Huntington Ave. Apt #676, Boston, MA 02115       (617) 377-7222

(C) 1999-2000 All rights reserved.