RHEL 2.1 : im (RHSA-2003:038)

low Nessus Plugin ID 12359

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated Internet Message packages are available that fix the insecure handling of temporary files.

[Updated 9 April 2003] Added packages for Red Hat Linux Advanced Workstation, Red Hat Enterprise Linux ES, and Red Hat Enterprise Linux WS.

Internet Message (IM) consists of a set of user interface commands and backend Perl5 libraries to integrate email and the NetNews user interface. These commands are designed to be used from both the Mew mail reader for Emacs and the command line.

A vulnerability has been discovered by Tatsuya Kinoshita in the way two IM utilities create temporary files. By anticipating the names used to create files and directories stored in the /tmp directory, it may be possible for a local attacker to corrupt or modify data as another user.

Users of IM are advised to install these packages which contain a backported patch to correct these issues.

Solution

Update the affected im package.

See Also

https://access.redhat.com/security/cve/cve-2002-1395

https://www.debian.org/security/2002/dsa-202

https://access.redhat.com/errata/RHSA-2003:038

Plugin Details

Severity: Low

ID: 12359

File Name: redhat-RHSA-2003-038.nasl

Version: 1.27

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:im, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 5/22/2003

Vulnerability Publication Date: 1/17/2003

Reference Information

CVE: CVE-2002-1395

RHSA: 2003:038