CVE-2003-0440 - The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allow

CVE-2003-0440

Summary

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

References

Vulnerable Configurations

cpe:2.3:a:semi:semi:1.14.3:*:*:*:*:*:*:*
cpe:2.3:a:semi:semi:1.14.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2007-04-25T19:52:35.987-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security

description

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

family

unix

oval:org.mitre.oval:def:569

status

accepted

submitted

2003-08-29T12:00:00.000-04:00

title

Symlink Attack Vulnerability in semi/wemi MIME Libraries

version

redhat via4

advisories

rhsa
id RHSA-2003:231
rhsa
id RHSA-2003:234

refmap via4

debian

DSA-339

Last major update

11-10-2017 - 01:29

Published

18-08-2003 - 04:00

Last modified

11-10-2017 - 01:29