sSMTP creates a log file, /tmp/ssmtp.log, and the data written to it is user-specified. A symlink attack on this temporary log file makes it possible to overwrite arbitrary files with the permissions of the ssmtp program (normally root).
Classification
Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
Solution
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
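The issue described above comes from a privileged program opening a predictable path in /tmp and following a symlink found there. The C code below is an added example, not sSMTP code and not a vendor fix: it shows a log open that refuses symlinks and verifies the opened file, with a self-check run in a private temporary directory. The names open_log_nofollow and demo_symlink_refused are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not sSMTP code): returns an append-only fd for the
 * log, or -1 if the path is a symlink or otherwise not a file we own. */
int open_log_nofollow(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail if the final path component is a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Check the object actually opened: regular file, ours, no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed check inside a private mkdtemp() directory: a symlinked log
 * path must be refused with its target left empty, and a plain path must be
 * accepted. Returns 1 when all three hold. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", target[64], link_path[64], plain[64];
    struct stat st;
    int fd, ok;
    if (!mkdtemp(dir))
        return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link_path, sizeof link_path, "%s/link.log", dir);
    snprintf(plain, sizeof plain, "%s/plain.log", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(target, link_path) != 0)
        return 0;
    ok = open_log_nofollow(link_path) == -1;                /* symlink refused */
    ok = ok && stat(target, &st) == 0 && st.st_size == 0;   /* target untouched */
    fd = open_log_nofollow(plain);                          /* plain file accepted */
    ok = ok && fd >= 0;
    if (fd >= 0) close(fd);
    unlink(plain); unlink(link_path); unlink(target); rmdir(dir);
    return ok;
}
int main(void) { return demo_symlink_refused() ? 0 : 1; }
```

O_NOFOLLOW covers only the final path component; the fstat() checks additionally reject a pre-created file owned by another user or one with extra hard links.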