Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Debian: DSA 202-1 Critical: IM Package Temporary File Risk

debian
Calendar Grey December 3, 2002
Debian Logo
-------------------------------------------------------------------------- Debian Security Advisory
Tatsuya Kinoshita discovered that IM, which contains interfacecommands and Perl libraries for E-mail and NetNews, creates temporaryfiles insecurely.

Summary

Tatsuya Kinoshita discovered that IM, which contains interface
commands and Perl libraries for E-mail and NetNews, creates temporary
files insecurely.

1. The impwagent program creates a temporary directory in an insecure
manner in /tmp using predictable directory names without checking
the return code of mkdir, so it's possible to seize a permission
of the temporary directory by local access as another user.

2. The immknmz program creates a temporary file in an insecure manner
in /tmp using a predictable filename, so an attacker with local
access can easily create and overwrite files as another user.

These problems have been fixed in version 141-18.1 for the current
stable distribution (woody), in version 133-2.2 of the old stable
distribution (potato) and in version 141-20 for the unstable
distribution (sid).

We recommend that you upgrade your IM package.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: im

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.