Mandrake Linux Security Advisory : inn (MDKSA-2001:010)
Low Nessus Plugin ID 61884
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionWireX discovered a potential temporary file race condition in the inn program. This condition is due partly to the way inn is compiled and configured on some Linux distributions, including Linux-Mandrake, and partly due to the lack of information in the inn package detailing potential security problems if you do not tell inn to use a private temporary directory. The patch supplied by WireX that creates temporary files correctly has been applied, and the temporary directory that inn uses has been moved from /usr/tmp to /var/spool/news/tmp which is available solely to the news user which inn runs as.
SolutionUpdate the affected inews, inn and / or inn-devel packages.