mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Netbsd | Netbsd | 6.1.1 | 6.1.1 |
Netbsd | Netbsd | 6.1.3 | 6.1.3 |
Netbsd | Netbsd | 6.0 | 6.0 |
Netbsd | Netbsd | 6.1.4 | 6.1.4 |
Netbsd | Netbsd | 6.0.4 | 6.0.4 |
Netbsd | Netbsd | 6.0.6 | 6.0.6 |
Netbsd | Netbsd | 7.0 | 7.0 |
Netbsd | Netbsd | 6.0.2 | 6.0.2 |
Netbsd | Netbsd | 6.0.5 | 6.0.5 |
Netbsd | Netbsd | 6.1.2 | 6.1.2 |
Netbsd | Netbsd | 6.0.1 | 6.0.1 |
Netbsd | Netbsd | 6.1.5 | 6.1.5 |
Netbsd | Netbsd | 6.0.3 | 6.0.3 |
Netbsd | Netbsd | 6.1 | 6.1 |