[mew-dist 22084] IM141 local security issues

Tatsuya Kinoshita tats at example.com
Mon Oct 28 22:46:02 JST 2002


I discovered that IM141 (and previous versions) creates temporary
files insecurely.

(1) The impwagent program creates a temporary directory in an
insecure manner in /tmp using predictable directory names, so
it's possible for another user with local access to seize the
permissions of the temporary directory.

(2) The immknmz program creates a temporary file in an insecure
manner in /tmp using a predictable filename, so an attacker with
local access can easily create and overwrite files as another
user.  (This vulnerability was already fixed by Koga Youichirou
in [mew-dist 18577] and IM141+tats20011108, but the `predictable
filename' issue was not fixed.)

These problems have been fixed in the unofficial patch,
IM141+tats20021028.  I recommend that you upgrade your IM
package.

  http://tats.iris.ne.jp/im/im-141+tats20021028.diff
  http://tats.iris.ne.jp/im/im-141.tar.gz

(IM (Internet Message) is a set of user interface commands and
backend Perl libraries for e-mail and NetNews.  They are designed
to be used both from Mew version 1.x and on the command line.)

P.S.

I'm going to maintain IM officially.  I obtained Kazu's consent.
I'll release IM142 in the not-too-distant future.

-- 
Tatsuya Kinoshita
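
An added example, not code from IM or from the patch linked above: the two weaknesses described in the message, a predictable directory name and a predictable filename under /tmp, contrasted with creation through Perl's File::Temp. The names `example-agent` and `example-index` and the helper functions are hypothetical.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :mode);
use File::Spec;
use File::Temp qw(tempdir tempfile);

# Weak pattern, shown for contrast and never called here (hypothetical, not
# IM's code): the name depends only on the PID, and a failed mkdir is ignored,
# so the program may end up working in a directory it does not own.
sub weak_tmpdir {
    my $dir = File::Spec->catdir(File::Spec->tmpdir, "example-agent.$$");
    mkdir $dir, 0700;    # flaw: return value not checked
    return $dir;
}

# Hardened directory: random suffix, atomic creation (tempdir dies on
# failure), then owner and mode are verified before anything is stored in it.
sub safe_tmpdir {
    my $dir = tempdir('example-agent.XXXXXXXX', TMPDIR => 1, CLEANUP => 1);
    my @st = lstat($dir) or die "lstat $dir: $!\n";
    die "$dir: unexpected type, owner or mode\n"
        unless S_ISDIR($st[2]) && $st[4] == $> && S_IMODE($st[2]) == 0700;
    return $dir;
}

# Hardened file: unpredictable name, opened with O_CREAT|O_EXCL, mode 0600.
sub safe_tmpfile {
    my ($dir) = @_;
    return tempfile('example-index.XXXXXXXX', DIR => $dir, UNLINK => 1);
}

my $dir = safe_tmpdir();

# Constructed scenario: a predictable name that is already taken.
my $fixed = File::Spec->catfile($dir, "example-index.$$");
open(my $pre, '>', $fixed) or die "create $fixed: $!\n";
close $pre;

# O_EXCL refuses to reuse the existing name, so nothing is overwritten, but
# the program still cannot proceed: the predictable name remains a problem.
my $ok = sysopen(my $fh, $fixed, O_WRONLY | O_CREAT | O_EXCL, 0600);
print "O_EXCL on predictable name: ", ($ok ? "opened" : "refused ($!)"), "\n";

# A random name from tempfile() avoids the collision.
my ($tfh, $tpath) = safe_tmpfile($dir);
print {$tfh} "index data\n";
close $tfh or die "close $tpath: $!\n";
print "tempfile() created: $tpath\n";
```

The second half shows why closing the overwrite path alone is not enough: exclusive creation stops an existing file from being clobbered, while only an unpredictable name stops the path from being claimed in advance.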


