7.8

CVE-2016-6253

Exploit
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetbsdNetbsd Version6.0
NetbsdNetbsd Version6.0.1
NetbsdNetbsd Version6.0.2
NetbsdNetbsd Version6.0.3
NetbsdNetbsd Version6.0.4
NetbsdNetbsd Version6.0.5
NetbsdNetbsd Version6.0.6
NetbsdNetbsd Version6.1
NetbsdNetbsd Version6.1.1
NetbsdNetbsd Version6.1.2
NetbsdNetbsd Version6.1.3
NetbsdNetbsd Version6.1.4
NetbsdNetbsd Version6.1.5
NetbsdNetbsd Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.56% 0.88
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://akat1.pl/?id=2
Third Party Advisory
Exploit
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc
Vendor Advisory
http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html
Third Party Advisory
Exploit
VDB Entry
http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local
Third Party Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/92101
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036429
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40141/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/40385/
Third Party Advisory
Exploit
VDB Entry