CVE-2016-6253

HIGH

NetBSD <7.0 - Local Privilege Escalation

Title source: llm

Description

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · local · netbsd_x86
https://www.exploit-db.com/exploits/40385
exploitdb · WORKING POC · VERIFIED
by akat1 · c · local · bsd
https://www.exploit-db.com/exploits/40141
metasploit · WORKING POC · GREAT
by h00die, akat1 · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/local/netbsd_mail_local.rb

Scores

CVSS v3 7.8
EPSS 0.0727
EPSS Percentile 91.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-59
Status published
Products (14)
netbsd/netbsd 6.0
netbsd/netbsd 6.0.1
netbsd/netbsd 6.0.2
netbsd/netbsd 6.0.3
netbsd/netbsd 6.0.4
netbsd/netbsd 6.0.5
netbsd/netbsd 6.0.6
netbsd/netbsd 6.1
netbsd/netbsd 6.1.1
netbsd/netbsd 6.1.2
... and 4 more
Published Jan 20, 2017
Tracked Since Feb 18, 2026