PT-2017-1212 · NetBSD · NetBSD

Akat1 · Published 2017-01-20 · Updated 2017-01-20 · CVE-2016-6253

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

NetBSD versions 6.0 through 6.0.6
NetBSD versions 6.1 through 6.1.5
NetBSD versions 7.0

Description

The issue is related to an incorrect link resolution before file access in the mail.local service of the NetBSD operating system. This can be exploited by a local attacker to bypass protection and manipulate symbolic links, potentially allowing them to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

Recommendations

For NetBSD versions 6.0 through 6.0.6, consider restricting access to the mail.local service until a patch is available.
For NetBSD versions 6.1 through 6.1.5, avoid using the mail.local service for sensitive operations until the issue is resolved.
For NetBSD versions 7.0, as a temporary workaround, consider disabling the mail.local service to minimize the risk of exploitation.
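
The weakness class described above (link resolution before file access on a user mailbox) is avoided by refusing to follow links at open time and validating the opened descriptor rather than the path. The following is an added example, not code from this advisory, from NetBSD's mail.local or from its fix; `open_mailbox_nofollow` and `demo` are hypothetical names, and the file names are constructed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not NetBSD code): open a mailbox for append, refusing
 * symlinks, hard links, non-regular files and files not owned by `owner`. */
int open_mailbox_nofollow(const char *path, uid_t owner)
{
    struct stat pre, post;
    int existed = (lstat(path, &pre) == 0);
    int flags = O_WRONLY | O_APPEND | O_NOFOLLOW;
    int fd;

    if (!existed && errno != ENOENT) return -1;
    /* O_EXCL refuses anything already at path, including a dangling symlink. */
    fd = existed ? open(path, flags) : open(path, flags | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    /* Check the opened object itself, and that it is the one lstat() saw. */
    if (fstat(fd, &post) != 0 || !S_ISREG(post.st_mode) || post.st_nlink != 1 ||
        post.st_uid != owner ||
        (existed && (pre.st_dev != post.st_dev || pre.st_ino != post.st_ino))) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd; /* change ownership only with fchown(fd, ...), never chown(path, ...) */
}

/* Constructed scenario in a private temp dir: returns 1 when a symlinked
 * mailbox is refused and a regular one is accepted. */
int demo(void)
{
    char dir[] = "/tmp/mboxdemoXXXXXX";
    int fd, refused, accepted;

    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    close(open("victim", O_WRONLY | O_CREAT, 0600));
    if (symlink("victim", "alice") != 0) return -1;
    refused = open_mailbox_nofollow("alice", geteuid()) < 0;
    fd = open_mailbox_nofollow("bob", geteuid());
    accepted = fd >= 0;
    if (fd >= 0) close(fd);
    unlink("alice"); unlink("victim"); unlink("bob");
    if (chdir("/") != 0 || rmdir(dir) != 0) return -1;
    return refused && accepted;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

`O_NOFOLLOW` only covers the final path component, so the spool directory and its parents must not be writable by unprivileged users for this check to hold.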

Exploit

Fix

Link Following


Weakness Enumeration

Related Identifiers

BDU:2017-00325
CVE-2016-6253

Affected Products

NetBSD