Debian Security Advisory

DSA-202-1 im -- insecure temporary files

Date Reported:

03 Dec 2002

Affected Packages:

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 6307.
In Mitre's CVE dictionary: CVE-2002-1395.

More information:

Tatsuya Kinoshita discovered that IM, which contains interface commands and Perl libraries for E-mail and NetNews, creates temporary files insecurely.

The impwagent program creates a temporary directory in an insecure manner in /tmp using predictable directory names without checking the return code of mkdir, so it's possible to seize a permission of the temporary directory by local access as another user.
The immknmz program creates a temporary file in an insecure manner in /tmp using a predictable filename, so an attacker with local access can easily create and overwrite files as another user.

These problems have been fixed in version 141-18.1 for the current stable distribution (woody), in version 133-2.2 of the old stable distribution (potato) and in version 141-20 for the unstable distribution (sid).

We recommend that you upgrade your IM package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/pool/updates/main/i/im/im_133-2.3.dsc; http://security.debian.org/pool/updates/main/i/im/im_133-2.3.diff.gz; http://security.debian.org/pool/updates/main/i/im/im_133.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/i/im/im_133-2.3_all.deb

Debian GNU/Linux 3.0 (woody)

Source:: http://security.debian.org/pool/updates/main/i/im/im_141-18.2.dsc; http://security.debian.org/pool/updates/main/i/im/im_141-18.2.diff.gz; http://security.debian.org/pool/updates/main/i/im/im_141.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/i/im/im_141-18.2_all.deb

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the revised advisory.