Rapid7 Vulnerability & Exploit Database

RHSA-2003:038: im security update

Back to Search

RHSA-2003:038: im security update

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
01/17/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/12/2017

Description

Updated Internet Message packages are available that fix the insecure handling of temporary files. [Updated 9 April 2003] Added packages for Red Hat Linux Advanced Workstation, Red Hat Enterprise Linux ES, and Red Hat Enterprise Linux WS.

Internet Message (IM) consists of a set of user interface commands and backend Perl5 libraries to integrate email and the NetNews user interface. These commands are designed to be used from both the Mew mail reader for Emacs and the command line. A vulnerability has been discovered by Tatsuya Kinoshita in the way two IM utilities create temporary files. By anticipating the names used to create files and directories stored in the /tmp directory, it may be possible for a local attacker to corrupt or modify data as another user. Users of IM are advised to install these packages which contain a backported patch to correct these issues.

Solution(s)

  • redhat-upgrade-im

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;