Helvis Multiple Local Vulnerabilities...
helvis is reported prone to multiple local vulnerabilities. The following individual issues are reported: The 'elvprsv' utility is reported prone to an arbitrary file deletion vulnerability. It is reported that the 'elvprsv' utility is installed with setuid superuser privileges and therefore can be invoked by any user to delete arbitrary specified files on a vulnerable computer. 'elvprsv' is reported prone to a weak default permissions vulnerability on preserved emails that it generates. It is reported that emails preserved by the 'elvprsv' utility are written with insecure world readable permissions by default. A local attacker may exploit this issue to disclose sensitive information that is contained in preserved files that are written by the affected utility. Finally, it is reported that the helvis 'elvrec' utility may be used to disclose the contents of files that are preserved by 'elvprsv'. A local attacker may exploit this issue to disclose sensitive information that is...
