CVE-2016-6253

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
netbsdnetbsd
6.0
netbsdnetbsd
6.0.1
netbsdnetbsd
6.0.2
netbsdnetbsd
6.0.3
netbsdnetbsd
6.0.4
netbsdnetbsd
6.0.5
netbsdnetbsd
6.0.6
netbsdnetbsd
6.1
netbsdnetbsd
6.1.1
netbsdnetbsd
6.1.2
netbsdnetbsd
6.1.3
netbsdnetbsd
6.1.4
netbsdnetbsd
6.1.5
netbsdnetbsd
7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://akat1.pl/?id=2
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc
http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html
http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local
http://www.securityfocus.com/bid/92101
http://www.securitytracker.com/id/1036429
https://www.exploit-db.com/exploits/40141/
https://www.exploit-db.com/exploits/40385/
http://akat1.pl/?id=2
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc
http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html
http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local
http://www.securityfocus.com/bid/92101
http://www.securitytracker.com/id/1036429
https://www.exploit-db.com/exploits/40141/
https://www.exploit-db.com/exploits/40385/