[mew-int 01230] Re: Mew 2.2 security problems?
Tatsuya Kinoshita
tats at example.com
Wed Dec 18 21:26:33 JST 2002
On December 18, 2002, [mew-int 01229],
Kazu Yamamoto <kazu at example.com> wrote:
> If you are using S/MIME, the following problems occur:
>
> (1) The filename parameter of Content-Disposition: contains a *full*
> path (of a temporary file). This lets a bad guy know the exact file
> name of the temporary file.
>
> (2) The name of the temporary file above is static, that is, the same
> file name is always used.
>
> This may allow a bad guy to use temporary file attacks.
This problem cannot damage user files. Another user with local
access cannot complete the attack with the temporary file
even if the full pathname is known, because Mew creates a sub-directory
in /tmp safely. So, I feel that the security advisory of the
S/MIME problem in Mew 2.2 is dispensable.
BTW, another problem is found in Mew 2. The patch for Mew
2.2/2.3 is available in [mew-dist 22434].
(I sent bug reports to the Debian security team and the Debian
mew maintainer already.)
--
Tatsuya Kinoshita