FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

getmail -- symlink vulnerability during maildir delivery

Affected packages
getmail < 3.2.5

Details

VuXML ID 8c33b299-163b-11d9-ac1b-000d614f7fad
Discovery 2004-09-19
Entry 2004-10-04

David Watson reports a symlink vulnerability in getmail. If run as root (not the recommended mode of operation), a local user may be able to cause getmail to write files in arbitrary directories via a symlink attack on subdirectories of the maildir.
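An added example, not getmail's code or its fix: one way a delivery agent can refuse a symlinked maildir subdirectory is to open tmp/ and new/ with O_NOFOLLOW and do every write relative to those directory descriptors. The function names and the test maildirs are constructed for illustration, and the code assumes a POSIX system with dir_fd support.

```python
import os
import tempfile

def open_subdir(maildir, sub, owner_uid):
    """Open maildir/<sub> as a directory fd, refusing a symlink in its place."""
    path = os.path.join(maildir, sub)
    # O_NOFOLLOW: fail if <sub> is a symlink. O_DIRECTORY: fail if not a directory.
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    if os.fstat(fd).st_uid != owner_uid:  # check the object we actually opened
        os.close(fd)
        raise PermissionError(f"{path} is not owned by uid {owner_uid}")
    return fd

def deliver(maildir, name, data, owner_uid):
    """Write tmp/<name>, then rename it into new/, relative to verified dir fds."""
    fds = []
    try:
        for sub in ("tmp", "new"):  # verify both before writing anything
            fds.append(open_subdir(maildir, sub, owner_uid))
        tmp_fd, new_fd = fds
        # O_EXCL: never reuse a file or symlink planted under the chosen name.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        with os.fdopen(os.open(name, flags, 0o600, dir_fd=tmp_fd), "wb") as f:
            f.write(data)
        os.rename(name, name, src_dir_fd=tmp_fd, dst_dir_fd=new_fd)
    finally:
        for fd in fds:
            os.close(fd)

def demo():
    """Constructed test maildirs: one intact, one whose new/ is a symlink."""
    uid, base = os.getuid(), tempfile.mkdtemp()
    good, bad, outside = (os.path.join(base, d) for d in ("good", "bad", "outside"))
    for d in (good + "/tmp", good + "/new", bad + "/tmp", outside):
        os.makedirs(d)
    os.symlink(outside, bad + "/new")  # the kind of link the advisory describes
    deliver(good, "msg1", b"Subject: test\n\nbody\n", uid)
    try:
        deliver(bad, "msg2", b"Subject: test\n\nbody\n", uid)
        blocked = False
    except OSError:  # ELOOP or ENOTDIR, depending on platform
        blocked = True
    return os.listdir(good + "/new"), blocked, os.listdir(outside), os.listdir(bad + "/tmp")

if __name__ == "__main__":
    print(demo())
```

Because both subdirectories are verified before anything is written, the symlinked maildir is rejected without leaving a file in tmp/ or in the link's target.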

References

Bugtraq ID 11224
CVE Name CVE-2004-0881
Message 200409191532.38997.baikie@ehwat.freeserve.co.uk