MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mformat | Mtools | 3.9.1 (including) | 3.9.1 (including) |
| Mformat | Mtools | 3.9.2 (including) | 3.9.2 (including) |
| Mformat | Mtools | 3.9.3 (including) | 3.9.3 (including) |
| Mformat | Mtools | 3.9.4 (including) | 3.9.4 (including) |
| Mformat | Mtools | 3.9.5 (including) | 3.9.5 (including) |
| Mformat | Mtools | 3.9.6 (including) | 3.9.6 (including) |
| Mformat | Mtools | 3.9.7 (including) | 3.9.7 (including) |
| Mformat | Mtools | 3.9.8 (including) | 3.9.8 (including) |
| Mformat | Mtools | 3.9.9 (including) | 3.9.9 (including) |
References
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:016
- http://www.securityfocus.com/bid/9746
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15317
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:016
- http://www.securityfocus.com/bid/9746
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15317