PT-2008-6300 · Smsclient · Smsclient

Publicado

2008-11-18

Atualizado

2009-02-17

CVE-2008-5155

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions smsclient version 2.0.8z

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files /tmp/header.##### or /tmp/body.#####, or append data to arbitrary files via a symlink attack on the /tmp/sms.log temporary file.

Recommendations For smsclient version 2.0.8z, consider restricting access to the temporary files /tmp/header.#####, /tmp/body.#####, and /tmp/sms.log to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using the mail2sms.sh script in smsclient until the issue is resolved.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2008-5155

Produtos afetados

Smsclient

PT-2008-6300 · Smsclient · Smsclient

CVE-2008-5155

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4