tkmail -- insecure temporary files

ID DSA-172
Type debian
Reporter Debian
Modified 2002-10-08T00:00:00


It has been discovered that tkmail creates temporary files insecurely. Exploiting this an attacker with local access can easily create and overwrite files as another user.

This problem has been fixed in version 4.0beta9-8.1 for the current stable distribution (woody), in version 4.0beta9-4.1 for the old stable distribution (potato) and in version 4.0beta9-9 for the unstable distribution (sid).

We recommend that you upgrade your tkmail packages.