Horde and Imp Temporary File Vulnerability

Imp is a powerful web-based mail interface/client developed by members of the Horde project. The Horde Application Framework provides support for things like preferences, compression, browser detection and connection tracking.

Imp creates temporary files insecurely. While some temporary file issues have been patched in Imp, there are still multiple instances where the files are created insecurely.

Local attackers can exploit this issue with symlink attacks. At minimum, exploitation causes loss of critical data in the overwritten files and, depending on which files are attacked, a potential denial of service. Worse, local attackers may be able to elevate privileges on the host if they find a way to supply input that is written to the files targeted in the symlink attack.
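The class of flaw described above, shown as an added PHP example (Imp is a PHP application) with a weak temporary-file pattern beside a hardened one. This is generic illustrative code, not taken from Imp or Horde; the function names, the `webmail_` file prefix and the scratch directory are assumptions.

```php
<?php
// Illustrative only: generic PHP patterns, not code taken from Imp or Horde.

// Weak pattern: the name is guessable and fopen() mode 'w' follows a symlink
// already present at that path, truncating whatever the link points to.
function open_temp_weak(string $dir, string $user)
{
    $path = $dir . '/webmail_' . $user . '.tmp';   // hypothetical naming scheme
    return fopen($path, 'w');
}

// Hardened pattern: random name plus mode 'x' (O_CREAT|O_EXCL), which fails if
// anything, including a dangling symlink, already exists at the path.
function open_temp_safe(string $dir): array
{
    $old = umask(0077);                            // new file is created 0600
    try {
        for ($i = 0; $i < 10; $i++) {
            $path = $dir . '/webmail_' . bin2hex(random_bytes(16)) . '.tmp';
            $fh = @fopen($path, 'x');
            if ($fh !== false) {
                return [$fh, $path];
            }
        }
    } finally {
        umask($old);                               // always restore the umask
    }
    throw new RuntimeException('could not create a temporary file');
}

// Constructed demonstration inside a private scratch directory.
$dir = sys_get_temp_dir() . '/tmpdemo_' . bin2hex(random_bytes(8));
mkdir($dir, 0700);
$victim = $dir . '/important.conf';                // stands in for a critical file
file_put_contents($victim, "critical data\n");
symlink($victim, $dir . '/webmail_alice.tmp');     // link waiting at the guessed name

fclose(open_temp_weak($dir, 'alice'));
clearstatcache();
printf("after weak open: victim is %d bytes\n", filesize($victim));

file_put_contents($victim, "critical data\n");     // restore, then use the safe path
[$fh, $path] = open_temp_safe($dir);
fwrite($fh, "message body\n");
fclose($fh);
clearstatcache();
printf("after safe open: victim is %d bytes, temp mode %o\n",
       filesize($victim), fileperms($path) & 0777);
```

When auditing for this issue, look for temporary paths built from predictable components and opened with modes that do not request exclusive creation.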


