Lucene search
GoogleOSV:DSA-202HistoryDec 03, 2002 - 12:00 a.m.
im - insecure temporary files
2002-12-0300:00:00
Google
osv.dev
5
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
Tatsuya Kinoshita discovered that IM, which contains interface
commands and Perl libraries for E-mail and NetNews, creates temporary
files insecurely.
- The impwagent program creates a temporary directory in an insecure
manner in /tmp using predictable directory names without checking
the return code of mkdir, so it’s possible to seize a permission
of the temporary directory by local access as another user. - The immknmz program creates a temporary file in an insecure manner
in /tmp using a predictable filename, so an attacker with local
access can easily create and overwrite files as another user.
These problems have been fixed in version 141-18.1 for the current
stable distribution (woody), in version 133-2.2 of the old stable
distribution (potato) and in version 141-20 for the unstable
distribution (sid).
We recommend that you upgrade your IM package.
References
Related
redhat
redhat
(RHSA-2003:038) im security update
2003-02-07 00:00:00
openvas
openvas
Debian Security Advisory DSA 202-1 (im)
2008-01-17 00:00:00
Debian Security Advisory DSA 202-2 (im)
2008-01-17 00:00:00
Debian Security Advisory DSA 202-2 (im)
2008-01-17 00:00:00
nessus
nessus
RHEL 2.1 : im (RHSA-2003:038)
2004-07-06 00:00:00
Debian DSA-202-1 : im - insecure temporary files
2004-09-29 00:00:00
debiancve
debiancve
CVE-2002-1395
2003-01-17 05:00:00
cve
cve
CVE-2002-1395
2003-01-17 05:00:00
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
Related for OSV:DSA-202