CVE-2016-6253

7.8 HIGH

Published: January 20, 2017 Modified: May 13, 2026

Description

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://akat1.pl/?id=2

Source: cve@mitre.org

Exploit Third Party Advisory

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/92101

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1036429

Source: cve@mitre.org

Third Party Advisory VDB Entry

https://www.exploit-db.com/exploits/40141/

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

https://www.exploit-db.com/exploits/40385/

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://akat1.pl/?id=2