CVE-2013-0350 — MEDIUM (6.3)

Vulnerability Description

tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.

CVSS Score

6.3

MEDIUM

AV:L/AC:M/Au:N/C:N/I:C/A:C

Confidentiality

NONE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
David Leonard	Pkstat	1.8.5

Related Weaknesses (CWE)

CWE-59

References

http://osvdb.org/90588
http://seclists.org/oss-sec/2013/q1/417
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701211
http://osvdb.org/90588
http://seclists.org/oss-sec/2013/q1/417
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701211

FAQ

What is CVE-2013-0350?

CVE-2013-0350 is a vulnerability with a CVSS score of 6.3 (MEDIUM). tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.

How severe is CVE-2013-0350?

CVE-2013-0350 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0350?

Check the references section above for vendor advisories and patch information. Affected products include: David Leonard Pkstat.