claws-mail

2008-01-15

Page content

Author: voroskoi
Vulnerable: 3.0.1-1
Unaffected: 3.0.1-2sayshell1

A security issue has been reported in Claws Mail, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the sylprint.pl script using temporary files in an insecure manner. This can be exploited to overwrite or delete arbitrary files via symlink attacks.

Bug Tracker URL: http://bugs.frugalware.org/task/2655

CVEs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6208