CVE-2016-6253

Sažetak

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

Reference

http://akat1.pl/?id=2
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc
http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html
http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local
http://www.securityfocus.com/bid/92101
http://www.securitytracker.com/id/1036429
https://www.exploit-db.com/exploits/40141/
https://www.exploit-db.com/exploits/40385/

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

20-01-2017 - 19:58

Objavljeno

20-01-2017 - 15:59