mime-support -- insecure temporary file creation

2003-04-22T00:00:00
ID DSA-292
Type debian
Reporter Debian
Modified 2003-04-22T00:00:00

Description

Colin Phipps discovered several problems in mime-support, which contains support programs for the MIME control files 'mime.types' and 'mailcap'. When a temporary file is to be used, it is created insecurely, allowing an attacker to overwrite arbitrary files under the user id of the person executing run-mailcap.

When run-mailcap is executed on a file with a potentially problematic filename, a temporary file is created (no longer insecurely), removed, and a symbolic link to this filename is created. An attacker could recreate the file before the symbolic link is created, forcing the display program to display different content.
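The two problems described above can be reproduced in a private sandbox directory. The following is an added example, not code from mime-support or from the Debian fix: it contrasts a plain open on a predictable temporary name with an exclusive create, and shows one common way to avoid the remove-then-symlink window by placing the link in a freshly created private directory. All function names, file names and paths are hypothetical.

```python
import os
import tempfile

def insecure_write(path, data):
    # Vulnerable pattern: open() on a guessable name follows an existing symlink.
    with open(path, "w") as fh:
        fh.write(data)

def secure_write(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def private_alias(target, name="alias"):
    # Create the symlink inside a new 0700 directory, so no other user can
    # create or replace the name between the individual steps.
    d = tempfile.mkdtemp(prefix="mailcap-demo-")
    link = os.path.join(d, name)
    os.symlink(target, link)
    return link

def demo():
    # Constructed scenario; everything lives in a private sandbox directory.
    box = tempfile.mkdtemp(prefix="dsa292-demo-")
    victim = os.path.join(box, "victim.txt")          # stands in for a user's file
    predictable = os.path.join(box, "tmpfile.1234")   # guessable temporary name
    with open(victim, "w") as fh:
        fh.write("important")
    os.symlink(victim, predictable)   # name already exists before the program runs
    results = {"victim": victim}
    try:
        secure_write(predictable, "scratch")
        results["secure_refused"] = False
    except FileExistsError:
        results["secure_refused"] = True
    with open(victim) as fh:
        results["after_secure"] = fh.read()
    insecure_write(predictable, "scratch")            # writes through the symlink
    with open(victim) as fh:
        results["after_insecure"] = fh.read()
    link = private_alias(victim)
    results["alias_dir_mode"] = os.stat(os.path.dirname(link)).st_mode & 0o777
    results["alias_target"] = os.readlink(link)
    return results

if __name__ == "__main__":
    print(demo())
```
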

For the stable distribution (woody) these problems have been fixed in version 3.18-1.3.

For the old stable distribution (potato) these problems have been fixed in version 3.9-1.3.

For the unstable distribution (sid) these problems have been fixed in version 3.23-1.

We recommend that you upgrade your mime-support packages.