
Pine RPDump Local File Corruption Vulnerability

Pine 'rpdump' is reported prone to a race condition vulnerability. The issue arises because there is a window between the time the software checks whether a user-supplied local file exists and the time the file is opened for writing.

If 'rpdump' is invoked against an existing file that resides in a local world-writable directory, an attacker may potentially replace the file with a hard link to a target file. The attacker may accomplish this while the vulnerable software is processing the remote file. If successful, data that was intended for the existing file will instead be written to the linked file.

Pine version 4.62 is reported vulnerable; other versions might also be affected.
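A defensive pattern for the check-then-open race described above, given as an added example (it is not Pine's code and not part of the advisory): open the file first, then validate the opened descriptor with fstat() and refuse a file that has more than one hard link before truncating it. The function names are hypothetical, and the self-check uses a constructed temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy shape: if (stat(path, &st) == 0) fd = open(path, O_WRONLY | O_TRUNC);
 * the name can be re-pointed at another file between the two calls. */

/* Hypothetical helper: open an existing file for overwrite, validating the
 * opened object through its descriptor before any data is modified. */
int open_existing_checked(const char *path)
{
    struct stat st;
    /* No O_CREAT or O_TRUNC yet; O_NOFOLLOW rejects a symlink as last component. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() reports on the inode we hold, not on whatever the name now means.
     * Refuse non-regular files, files we do not own, and extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    if (ftruncate(fd, 0) != 0) {     /* truncate only after validation */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private temp dir: returns 1 if a plain file is
 * accepted and the same file is refused once a second hard link exists. */
int demo(void)
{
    char dir[] = "/tmp/rpdemoXXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/out", dir);
    snprintf(b, sizeof b, "%s/link", dir);
    int fd = open(a, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    int ok = open_existing_checked(a);
    if (ok >= 0) close(ok);
    if (link(a, b) != 0) return -1;
    int refused = open_existing_checked(a);
    if (refused >= 0) close(refused);
    unlink(b); unlink(a); rmdir(dir);
    return ok >= 0 && refused < 0;
}
```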







 

Copyright 2008, SecurityFocus