Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2016-6253

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

Published: Jan 20, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-6253
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
netbsd / netbsd	6.1.1	6.1.1.x
netbsd / netbsd	6.1.3	6.1.3.x
netbsd / netbsd	6.0	6.0.x
netbsd / netbsd	6.1.4	6.1.4.x
netbsd / netbsd	6.0.4	6.0.4.x
netbsd / netbsd	6.0.6	6.0.6.x
netbsd / netbsd	7.0	7.0.x
netbsd / netbsd	6.0.2	6.0.2.x
netbsd / netbsd	6.0.5	6.0.5.x
netbsd / netbsd	6.1.2	6.1.2.x
netbsd / netbsd	6.0.1	6.0.1.x
netbsd / netbsd	6.1.5	6.1.5.x
netbsd / netbsd	6.0.3	6.0.3.x
netbsd / netbsd	6.1	6.1.x