Detections
Analytics
XMail < 1.27 Insecure Temporary File Creation
low Nessus Plugin ID 44942
Language:
Synopsis
The remote host is running a mail server that creates temporary files insecurely.Description
According to its SMTP service banner, the version of XMail running on the remote host creates temporary files insecurely.A local attacker could exploit this to overwrite arbitrary files by using symlink attacks, which could lead to privilege escalation.
Solution
Upgrade to XMail 1.27 or later.See Also
http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27
Plugin Details
Severity: Low
ID: 44942
File Name: xmail_1_27.nasl
Version: 1.6
Type: remote
Family: Misc.
Published: 3/1/2010
Updated: 8/8/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/ParanoidReport
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/25/2010
Vulnerability Publication Date: 2/25/2010
Reference Information
BID: 38427
Secunia: 38734