FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

claws-mail -- insecure temporary file creation

Affected packages
claws-mail < 3.1.0

Details

VuXML ID a59afa47-c930-11dc-810c-0016179b2dd5
Discovery 2007-12-03
Entry 2008-01-22
Modified 2008-02-12

Nico Golde reports:

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.

References

Bugtraq ID 26676
CVE Name CVE-2007-6208
URL http://secunia.com/advisories/27897
URL http://security.gentoo.org/glsa/glsa-200801-03.xml
URL http://www.gentoo.org/security/en/glsa/glsa-200801-03.xml