2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.7%
Internet Message (IM) consists of a set of user interface commands and
backend Perl5 libraries to integrate email and the NetNews user interface.
These commands are designed to be used from both the Mew mail reader for
Emacs and the command line.
A vulnerability has been discovered by Tatsuya Kinoshita in the way two IM
utilities create temporary files. By anticipating the names used to
create files and directories stored in the /tmp directory, it may be
possible for a local attacker to corrupt or modify data as another user.
Users of IM are advised to install these packages which contain a
backported patch to correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | im | < 140-3.21AS.3 | im-140-3.21AS.3.i386.rpm |
RedHat | any | ia64 | im | < 140-3.21AS.3 | im-140-3.21AS.3.ia64.rpm |