Package: claws-mail-tools
Severity: important
Tags: security
Hi,
the sylprint.pl also shipped in an installation of the
package is prone to a symlink attack.
sylprint.pl:
213 $tmpfn="/tmp/sylprint.$ENV{'USER'}.$$";
214 open(TMP,">$tmpfn");
215 open(FIN,"<$ARGV[0]");
216 LN: while (<FIN>) {
217 >···$ln = $_;
218 >···foreach $n (@cabn) {
[...]
242 # print headers
243 if ($headers) {
244 >···print TMP "\n\n";Since the process id is pretty predictable as well as the user name in this case an attacker could create a symlink to the tmp file and thereby overwriting arbitrary files owned by the user. Opening with O_EXCL and raising an error would be sufficient from my point of view. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp6iOr4EhyIU.pgp
Description: PGP signature
