Mandrake Linux Security Advisory : exmh (MDKSA-2001:015)
Low Nessus Plugin ID 61889
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionAll versions of exmh prior to 2.3.1 use the /tmp directory for storing temporary files. This was done in an insecure manner as exmh did not check to ensure that nobody placed a symlink with the same name in /tmp in the meantime and thus was vulnerable to a symlink attack. This could lead to a malicious local user being able to overwrite any file writable by the user executing exmh. These updated versions of exmh now use /tmp/username unless TMPDIR or EXMHTMPDIR is set.
SolutionUpdate the affected exmh package.