Info

Disclosure

Apr 09, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Pine rdump contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user causes rdump to write to a symlink. This allows the overwriting of arbitrary files with the privileges of the user running Pine. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

University of Washington

Pine

4.62

References

Secunia Advisory ID: 14899
Related OSVDB ID: 15456
CVE ID: 2005-1066 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0145.html
Other Advisory URL: http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html
Vendor URL: http://www.washington.edu/pine/

Credit

Imran Ghory - imranghorygmail.com -

Direct URL: http://osvdb.org/36218