VULHUB ™

Jon Zeeff's lmail is a local mail delivery agent (LDA) designed to provide mail-to-pipe and mail-to-file aliasing for smail. A race condition vulnerability exists in lmail. The lmail program makes insecure use of temporary files, making it susceptible to symbolic link attacks. The program also writes data from the standard input stream (stdin) directly to the temporary file. Because lmail is usually installed setuid root, it may be possible for a local user to overwrite any file on a system with arbitrary data.

Jon Zeeff's lmail is a local mail delivery agent (LDA) designed to provide mail-to-pipe and mail-to-file aliasing for smail. A race condition vulnerability exists in lmail. The lmail program makes insecure use of temporary files, making it susceptible to symbolic link attacks. The program also writes data from the standard input stream (stdin) directly to the temporary file. Because lmail is usually installed setuid root, it may be possible for a local user to overwrite any file on a system with arbitrary data.