Vulnerabilities > CVE-2004-1808 - Unspecified vulnerability in Metamail Corporation Metamail 2.7

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

metamail-corporation

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.

Vulnerable Configurations

Part	Description	Count
Application	Metamail_Corporation Metamail Corporation Metamail 2.7	1

Statements

contributor	Mark J Cox
lastmodified	2009-06-01
organization	Red Hat
statement	The Red Hat Security Response Team rated this issue as having low security impact. This issue affected Red Hat Enterprise Linux 2.1 but due to the low severity will not be fixed. metamail was not shipped in Red Hat Enterprise Linux 3, 4, or 5.

References

http://www.securityfocus.com/bid/9850
http://marc.info/?l=bugtraq&m=107910934926062&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15460