RHEL 2.1 : im (RHSA-2003:038)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated Internet Message packages are available that fix the insecure
handling of temporary files.

[Updated 9 April 2003] Added packages for Red Hat Linux Advanced
Workstation, Red Hat Enterprise Linux ES, and Red Hat Enterprise Linux
WS.

Internet Message (IM) consists of a set of user interface commands and
backend Perl5 libraries to integrate email and the NetNews user
interface. These commands are designed to be used from both the Mew
mail reader for Emacs and the command line.

A vulnerability has been discovered by Tatsuya Kinoshita in the way
two IM utilities create temporary files. By anticipating the names
used to create files and directories stored in the /tmp directory, it
may be possible for a local attacker to corrupt or modify data as
another user.

Users of IM are advised to install these packages, which contain a
backported patch to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1395.html
http://www.debian.org/security/2002/dsa-202
http://rhn.redhat.com/errata/RHSA-2003-038.html

Solution :

Update the affected im package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12359

Bugtraq ID:

CVE ID: CVE-2002-1395