Advisories : exmh symlink vulnerability

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : exmh symlink vulnerability

Title:	exmh symlink vulnerability
Released by:	Stan Bubrouski
Date:	31st December 2000
Printable version:	Click here

Author:   Stan Bubrouski (stan@ccs.neu.edu)

Date:   December 31, 2000

Package:  exmh

Versions affected:  2.2 and probably previous versions.

Severity:  A malicious local user could use a symlink attack to overwrite

           any file writable by the user executing exmh.



Problem: When exmh detects a problem at startup (or possibly other times,

I don't have time to investigate) it encounters errors in its code or

configuration an error dialog comes up asking the user what happened and

giving them the option to fill in an explanation and click a button to

send the bug report via e-mail to the maintainer.  If the user does

attempt to e-mail the maintainer a file named /tmp/exmhErrorMsg is created

and if the file exists and is a symlink it will follow the symlink

allowing local files to be overwritten depending on the user running exmh.



Solution: There are no known solutions at this time.



Copyright 2000 Stan Bubrouski



--

Stan Bubrouski                                       stan@ccs.neu.edu

316 Huntington Ave. Apt #676, Boston, MA 02115       (617) 377-7222