Vulnerabilities > CVE-2004-1808 - Unspecified vulnerability in Metamail Corporation Metamail 2.7

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

metamail-corporation

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.

Vulnerable Configurations

Part	Description	Count
Application	Metamail_Corporation Metamail Corporation Metamail 2.7	1

Statements

contributor	Mark J Cox
lastmodified	2009-06-01
organization	Red Hat
statement	The Red Hat Security Response Team rated this issue as having low security impact. This issue affected Red Hat Enterprise Linux 2.1 but due to the low severity will not be fixed. metamail was not shipped in Red Hat Enterprise Linux 3, 4, or 5.

References

http://marc.info/?l=bugtraq&m=107910934926062&w=2
http://www.securityfocus.com/bid/9850
https://exchange.xforce.ibmcloud.com/vulnerabilities/15460