Rapid7 Vulnerability & Exploit Database

CESA-2003:038: im security update

Back to Search

CESA-2003:038: im security update

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
01/17/2003
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

Updated Internet Message packages are available that fix the insecure handling of temporary files. [Updated 9 April 2003] Added packages for CentOS Linux Advanced Workstation, CentOS Linux ES, and CentOS Linux WS.

Internet Message (IM) consists of a set of user interface commands and backend Perl5 libraries to integrate email and the NetNews user interface. These commands are designed to be used from both the Mew mail reader for Emacs and the command line. A vulnerability has been discovered by Tatsuya Kinoshita in the way two IM utilities create temporary files. By anticipating the names used to create files and directories stored in the /tmp directory, it may be possible for a local attacker to corrupt or modify data as another user. Users of IM are advised to install these packages which contain a backported patch to correct these issues.

Solution(s)

  • centos-upgrade-im

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;