
Key: FL-693
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Critical
Assignee: Mark Trompell
Reporter: Thilo Pfennig
Votes: 0
Watchers: 0
Foresight Linux

Claws Mail sylprint.pl Insecure Temporary Files

Created: 07/Dec/07 01:18 PM   Updated: 19/Dec/07 10:57 AM
Component/s: Contrib Area, Security
Affects Version/s: 1.4.2
Fix Version/s: None
Security Level: Public (Everyone can see this issue)

Time Tracking:
Not Specified

Environment:
claws-mail=3.1.0-0.0.1-1


Description
A security issue has been reported in Claws Mail, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the sylprint.pl script using temporary files in an insecure manner. This can be exploited to overwrite or delete arbitrary files via symlink attacks.
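
The failure mode described above, shown next to two hardened alternatives in Perl (the language of sylprint.pl). This is an added example, not code from sylprint.pl or Claws Mail; the sandbox directory, the file names and the write_* helpers are constructed for illustration.

```perl
# Added example: not taken from sylprint.pl. All paths and names are constructed.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Private sandbox standing in for a shared temp directory such as /tmp.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";      # file the script's user can write to
my $guess  = "$dir/print_job.tmp";   # hypothetical predictable temp name

sub slurp { my ($p) = @_; open(my $fh, '<', $p) or die "$p: $!"; local $/; return scalar <$fh> }
sub intact { return slurp($victim) eq "important data\n" ? 'yes' : 'NO' }

# Recreate the victim file and occupy the predictable name with a symlink to it.
sub reset_sandbox {
    unlink $guess;
    open(my $fh, '>', $victim) or die "$victim: $!";
    print {$fh} "important data\n";
    close $fh;
    symlink($victim, $guess) or die "symlink: $!";
}

# Weak: plain open() on a predictable name follows the link and truncates its target.
sub write_weak {
    my ($data) = @_;
    open(my $fh, '>', $guess) or return 0;
    print {$fh} $data;
    return close($fh) ? 1 : 0;
}

# Hardened (a): O_CREAT|O_EXCL fails if the name already exists, symlinks included.
sub write_excl {
    my ($data) = @_;
    sysopen(my $fh, $guess, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} $data;
    return close($fh) ? 1 : 0;
}

# Hardened (b): File::Temp chooses an unpredictable name and creates it exclusively.
sub write_tempfile {
    my ($data) = @_;
    my ($fh, $name) = tempfile('print_XXXXXXXX', DIR => $dir, UNLINK => 1);
    print {$fh} $data;
    close $fh;
    return $name;
}

reset_sandbox();
printf "weak open:   wrote=%d victim intact=%s\n", write_weak("job\n"), intact();
reset_sandbox();
printf "O_EXCL open: wrote=%d victim intact=%s\n", write_excl("job\n"), intact();
printf "File::Temp:  created %s\n", write_tempfile("job\n");
```

When auditing other scripts for the same class of bug, look for temp paths built from fixed strings or the process ID and opened with a plain `open()`.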



Mark Trompell added a comment - 19/Dec/07 10:57 AM
CVE-2007-6208 is fixed in Claws 3.2.0, available in fl:1-contrib and fl:2-devel

Mark Trompell made changes - 19/Dec/07 10:57 AM
Field | Original Value | New Value
Resolution | | Fixed [ 1 ]
Assignee | Distro [ jira-distro ] | Mark Trompell [ mark__t ]
Status | Open [ 1 ] | Resolved [ 5 ]