TkMail /tmp file symlink attack
| tkmail-tmp-file-symlink (10307) |  Medium Risk |
Description:
TkMail is vulnerable to a symlink attack. TkMail creates temporary files insecurely. A local attacker could exploit this vulnerability by creating symbolic links from TkMail temporary files to other files on the system, which could be overwritten with the privileges of another TkMail user, once the user executes TkMail.
Platforms Affected:
- Debian, Debian Linux 2.2
- Debian, Debian Linux 3.0
- Paul Raines, TkMail prior to 4.0beta9-9
Remedy:
For Debian GNU/Linux:
Upgrade to the appropriate tkmail packages, as listed below. Refer to DSA 172-1 for more information. See References.
Debian 2.2 (potato): 4.0beta9-4.1 or later
Debian 3.0 (woody): 4.0beta9-8.1 or later
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
File Manipulation
References:
- TkMail Web site, TkMail - a X Window Mail Reader at http://www.slac.stanford.edu/~raines/tkmail.html.
- BID-5911: TkMail Insecure Temporary Files Vulnerability
- CVE-2002-1193: tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
- DSA-172: tkmail -- insecure temporary files
Reported:
Oct 08, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net