CVE-2007-6208 — Link Following in Claws-mail

CWE-59 — Link Following6 documents6 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 77.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Claws-mail

Timeline

PublishedDec 4

Latest updateMay 1

Description

sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶Debianclaws-mail/claws-mail< 3.1.0-2+3

🔴Vulnerability Details

GHSA

GHSA-wf73-pxpq-869j: sylprint↗2022-05-01

▶

OSV

CVE-2007-6208: sylprint↗2007-12-04

▶

CVEList

CVE-2007-6208: sylprint↗2007-12-04

▶

📋Vendor Advisories

Debian

CVE-2007-6208: claws-mail - sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwri...↗2007

▶

💬Community

Bugzilla

Critical Regression caused by CVE-2007-4572↗2007-12-01

▶