
Pine < 4.63 rpdump Symlink Arbitrary File Overwrite

Low

Synopsis

The remote host is vulnerable to a local flaw in the way that it creates temporary files.

Description

Pine versions 4.62 and earlier ship with the rpdump utility by default, and that version of rpdump is vulnerable to a local file-access race condition. To exploit the flaw, an attacker needs local access to the machine and must know when a user is running rpdump. Successful exploitation results in elevation of privileges.
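The bug class named in the title, shown as an added example that is not rpdump's or Pine's code: a file opener that follows a symlink already sitting at the output path, beside one that creates the file atomically and refuses. The function names, the scratch directory under /tmp and the "victim" file are constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: follows a symlink already present at path and truncates its target. */
static int open_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if anything,
   a symlink included, already occupies path; O_NOFOLLOW is defence in depth. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds a private scratch directory (constructed sample data), places a 6-byte
   "victim" file and a symlink "out" pointing at it, writes through the chosen
   opener, and returns the victim's size afterwards (-1 on setup failure). */
long victim_size_after(int hardened) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], out[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/out", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "secret", 6) == 6 && close(fd) == 0 &&
        symlink(victim, out) == 0) {
        fd = hardened ? open_exclusive(out) : open_naive(out);
        if (fd >= 0) { if (write(fd, "x", 1) != 1) perror("write"); close(fd); }
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(out); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("naive opener:     victim is %ld bytes\n", victim_size_after(0));
    printf("exclusive opener: victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```

With the naive opener the victim file is truncated and overwritten through the link; with the exclusive opener the open fails and the victim keeps its original contents.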

Solution

Upgrade to version 4.63 or higher.