Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| chip_salzenberg | deliver | 2.1.14 |
Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail) by creating lockfiles for arbitrary mailboxes.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| chip_salzenberg | deliver | 2.1.14 |