Detections
Analytics

Debian DSA-022-1 : exmh - local insecure tempfile creation

low Nessus Plugin ID 14859

Synopsis

The remote Debian host is missing a security-related update.

Description

Former versions of the exmh program used /tmp for storing temporary files. No checks were made to ensure that nobody placed a symlink with the same name in /tmp in the meantime and thus was vulnerable to a symlink attack. This could lead to a malicious local user being able to overwrite any file writable by the user executing exmh. Upstream developers have reported and fixed this. The exmh program now use /tmp/login unless TMPDIR or EXMHTMPDIR is set.

Solution

Upgrade the exmh packages immediately.

See Also

http://www.debian.org/security/2001/dsa-022

Plugin Details

Severity: Low

ID: 14859

File Name: debian_DSA-022.nasl

Version: 1.23

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 1.2

Temporal Score: 0.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:exmh, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 1/26/2001

Reference Information

CVE: CVE-2001-0125

BID: 2201

DSA: 022