Description
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.
Affected products
- Debian / internet_message133-0 – 133-0
- Debian / internet_message141-0 – 141-0
References
- VENDOR_ADVISORYhttp://www.debian.org/security/2002/dsa-202
- MISChttp://www.iss.net/security_center/static/10766.php
- MISChttp://www.securityfocus.com/bid/6307
- VENDOR_ADVISORYhttp://secunia.com/advisories/8242
- VENDOR_ADVISORYhttp://secunia.com/advisories/8166
- MISChttp://www.iss.net/security_center/static/10767.php
- MISChttp://www.redhat.com/support/errata/RHSA-2003-039.html