Vulnerability Details : CVE-2016-6253
Public exploit exists!
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
Exploit prediction scoring system (EPSS) score for CVE-2016-6253
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 38 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-6253
-
NetBSD mail.local Privilege Escalation
Disclosure Date: 2016-07-07First seen: 2020-04-26exploit/unix/local/netbsd_mail_localThis module attempts to exploit a race condition in mail.local with SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1) NetBSD 6.1 - 6.1.5 NetBSD 6.0 - 6.0.6 Successful exploitation relies on a crontab job with root privilege, which may take up
CVSS scores for CVE-2016-6253
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-6253
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6253
-
http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html
NetBSD mail.local(8) Local Root ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local
NetBSD mail.local Privilege EscalationExploit;Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1036429
NetBSD mail.local(8) Race Condition Lets Local Users Obtain Root Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/40385/
NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit)Exploit;Third Party Advisory;VDB Entry
-
http://akat1.pl/?id=2
akat1 - Spawn your shell like it's 90s again!Exploit;Third Party Advisory
-
http://www.securityfocus.com/bid/92101
NetBSD CVE-2016-6253 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc
Vendor Advisory
-
https://www.exploit-db.com/exploits/40141/
NetBSD - 'mail.local(8)' Local Privilege EscalationExploit;Third Party Advisory;VDB Entry
Products affected by CVE-2016-6253
- cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:7.0:*:*:*:*:*:*:*