PT-2003-2269 · Elm · Elm Me+

Published: 2003-12-31 · Updated: 2008-09-05 · CVE-2003-1324

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Elm ME+ version 2.4

Description

A race condition exists in the can_open function of Elm ME+, which can be exploited by local users to read and modify certain files with the privileges of the mail group. This issue occurs when Elm ME+ is installed setgid mail and the operating system lacks POSIX saved ID support.

Recommendations

For Elm ME+ version 2.4, consider restricting access to the can_open function until a patch is available, or apply configuration changes to mitigate the risk of exploitation, such as ensuring the operating system has POSIX saved ID support enabled.

Related Identifiers

CVE-2003-1324

Affected Products

Elm Me+