Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Imp | Horde | * | 2.2.4 (including) |
| Imp | Horde | 2.0 (including) | 2.0 (including) |
| Imp | Horde | 2.2 (including) | 2.2 (including) |
| Imp | Horde | 2.2.1 (including) | 2.2.1 (including) |
| Imp | Horde | 2.2.2 (including) | 2.2.2 (including) |
| Imp | Horde | 2.2.3 (including) | 2.2.3 (including) |
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html
- http://www.horde.org/imp/2.2/news.php
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html
- http://www.horde.org/imp/2.2/news.php