[mew-int 01136] IM141 local security issues
Tatsuya Kinoshita
tats at example.com
Mon Oct 28 22:46:02 JST 2002

I discovered that IM141 (and previous versions) creates temporary
files insecurely.

(1) The impwagent program creates a temporary directory in an
insecure manner in /tmp using predictable directory names, so
it's possible to seize a permission of the temporary directory by
local access as another user.

(2) The immknmz program creates a temporary file in an insecure
manner in /tmp using a predictable filename, so an attacker with
local access can easily create and overwrite files as another
user. (This vulnerability was already fixed by Koga Youichirou
in [mew-dist 18577] and IM141+tats20011108, but the `predictable
filename' issue was not fixed.)

These problems have been fixed in the unofficial patch,
IM141+tats20021028. I recommend that you upgrade your IM
package.

http://tats.iris.ne.jp/im/im-141+tats20021028.diff
http://tats.iris.ne.jp/im/im-141.tar.gz

(IM (Internet Message) is user interface commands and backend
Perl libraries for E-mail and NetNews. They are designed to be
used both from Mew version 1.x and on command line.)

P.S.
I'm going to maintain IM officially. I obtained Kazu's consent.
I'll release IM142 in no distant future.

--
Tatsuya Kinoshita
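
An added illustration of the two issue classes described in the message above, in Perl because IM is written in Perl. It is not code from IM or from the IM141+tats20021028 patch and does not claim to show how that patch fixes them; the names demo-agent, index.tmp and victim-file are hypothetical, and everything runs inside a private sandbox directory instead of /tmp.

```perl
#!/usr/bin/perl
# Added example; not IM code. demo-agent / index.tmp are hypothetical names.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Private sandbox standing in for a shared /tmp; nothing real is touched.
my $shared = tempdir(CLEANUP => 1);

# Constructed scenario: the names a program would derive from its uid and
# pid already exist, planted by another local user before it started.
my $guess_dir  = "$shared/demo-agent-" . $<;
my $guess_file = "$shared/index.tmp." . $$;
mkdir($guess_dir, 0777) or die "setup mkdir: $!";
symlink("$shared/victim-file", $guess_file) or die "setup symlink: $!";

# Weak pattern for (1): reuse the directory when it is already there.
# The program carries on inside a directory it did not create.
my $weak_dir = ((-d $guess_dir) || mkdir($guess_dir, 0700)) ? 1 : 0;

# Weak pattern for (2): a plain open-for-write follows the planted symlink
# and creates or truncates whatever it points at.
open(my $weak_fh, '>', $guess_file) or die "open: $!";
close($weak_fh);
my $weak_file = (-e "$shared/victim-file") ? 1 : 0;
unlink("$shared/victim-file");

# Stricter (1): mkdir is atomic and fails with EEXIST when the name is
# taken, so a failure is treated as fatal rather than as "already set up".
my $strict_dir = mkdir($guess_dir, 0700) ? 1 : 0;

# Stricter (2): O_CREAT|O_EXCL refuses any existing name, a symlink
# included; mode 0600 keeps a newly created file private.
my $strict_file =
    sysopen(my $fh, $guess_file, O_WRONLY | O_CREAT | O_EXCL, 0600) ? 1 : 0;

# Also removes the predictable name: File::Temp picks a random suffix and
# creates exclusively (directory mode 0700, file mode 0600).
my $safe_dir = tempdir('demo-agent-XXXXXXXX', DIR => $shared, CLEANUP => 1);
my ($safe_fh, $safe_file) =
    tempfile('index-XXXXXXXX', DIR => $safe_dir, UNLINK => 1);

printf "reuse existing dir -> accepted=%d\n", $weak_dir;
printf "plain open('>')    -> wrote through symlink=%d\n", $weak_file;
printf "strict mkdir       -> created=%d\n", $strict_dir;
printf "sysopen O_EXCL     -> created=%d\n", $strict_file;
printf "File::Temp         -> %s\n", $safe_file;
```

The two strict calls refuse the planted names but still use guessable ones, so another local user can keep the program from starting; only the File::Temp form addresses the predictable-name part as well.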