Описание
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ssmtp | unfixed | package |
Примечания
bug still exists in the ssmtp source, but is only activated if
--enable-logfile is used in ./configure
The package doesn't enable that flag so it is safe.
EPSS
Процентиль: 24%
0.00078
Низкий
Связанные уязвимости
nvd
около 21 года назад
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
github
больше 3 лет назад
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
EPSS
Процентиль: 24%
0.00078
Низкий