|
elm Privilege Escalation
|
|
Secunia Advisory:
|
SA9100
|
|
|
Release Date:
|
2003-06-24
|
|
Popularity:
|
5,492 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Unpatched
|
|
| Software: | ELM 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability has been identified in elm Korean port on FreeBSD allowing malicious local users to gain group "bin" privileges.
The problem is that elm doesn't handle certain environment variables correct. This allows malicious users to cause a buffer overflow and possibly execute arbitrary code with group "bin" privileges.
This has been reported for version 2.4h4.1
Solution:
Do not allow untrusted users to access the system or remove elm Korean port and use a different mail client.
Provided and/or discovered by:
Knud Erik Højgaard
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
