Horde IMP Message Attachment Symbolic Link Vulnerability

IMP is a powerful web-based mail interface/client developed by members of the Horde project.

IMP makes insecure use of temporary filenames, allowing an attacker to carry out symbolic link attacks. The temporary files are created when IMP processes files attached to mail messages.

If an attacker can determine the name of IMP's temporary file prior to its creation, the attacker could create a symbolic link with that name, pointing to a target file for which the IMP process owner has write permissions.

In this event, IMP will overwrite the contents of the target file with its own output.
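
The failure mode described above, next to two ways of creating the temporary file that avoid it, as an added example (not code from IMP or the Horde project, which is written in PHP; Python is used here for illustration). The file names, including the attach-1234.tmp pattern, and all helper functions are constructed for the demonstration, which runs entirely inside a throwaway directory.

```python
import os
import tempfile

def naive_write(path, data):
    # Vulnerable pattern: open() follows a symlink already sitting at `path`.
    with open(path, "wb") as fh:
        fh.write(data)

def exclusive_write(path, data):
    # Hardened: with O_CREAT|O_EXCL the call fails if anything, a symlink
    # included, already exists at `path`. Mode 0o600 keeps the file private.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def unpredictable_write(directory, data):
    # Preferred: mkstemp picks a random name and creates it exclusively.
    fd, path = tempfile.mkstemp(prefix="att-", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def read(path):
    with open(path, "rb") as fh:
        return fh.read()

def demo():
    # Constructed scenario: a link is planted at a guessable temp name.
    with tempfile.TemporaryDirectory() as work:
        target = os.path.join(work, "target.conf")       # writable by the process owner
        guessed = os.path.join(work, "attach-1234.tmp")  # constructed predictable name
        naive_write(target, b"original")
        os.symlink(target, guessed)

        naive_write(guessed, b"attachment")
        overwritten = read(target) == b"attachment"

        naive_write(target, b"original")  # reset the target for the next check
        try:
            exclusive_write(guessed, b"attachment")
            refused = False
        except FileExistsError:
            refused = True
        intact = read(target) == b"original"

        path = unpredictable_write(work, b"attachment")
        safe = not os.path.islink(path) and read(path) == b"attachment"
        return {"naive_overwrote_target": overwritten, "exclusive_refused": refused,
                "target_intact": intact, "mkstemp_regular_file": safe}
```

A process that sees the exclusive create fail on a temporary name it expected to be free should treat it as a sign of tampering and abort the operation, not retry by opening the same path without O_EXCL.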


