Vulnerability Note VU#964488

ISC inn creates temporary files insecurely

Original Release date: 27 Sep 2001 | Last revised: 27 Sep 2001

Overview

inn, a network news agent, may be configured on some operating systems to use a publically-writeable directory for its temporary files. This may be exploited to gain access to the news account.

Description

inn is distributed on a variety of Linux platforms. The program is written under the assumption that the directory in which it stores temporary files is a private directory. On some platforms, it may be configured to create temporary files in /tmp or /var/tmp, both of which are world-writeable directories. This may leave inn subject to modification of files either by symbolic links, or by direct modification of the temporary files.

Impact

By creating a symbolic link named for the temporary file and pointed toward an inn configuration file, an attacker may cause modification of these files (or any other file writable by the news user). Should the attacker manage to control the content of these files, it may be possible to gain access to the news account.

Solution

Apply vendor patches; see the Systems Affected section below.

Reconfigure inn to use a non-world-writable temporary directory.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
CalderaAffected11 Jan 200117 Aug 2001
DebianAffected29 Jan 200117 Aug 2001
ImmunixAffected10 Jan 200117 Aug 2001
ISCAffected16 Jan 200117 Aug 2001
MandrakeSoftAffected10 Jan 200117 Aug 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was first described by Greg Kroah-Hartman.

This document was last modified by Tim Shimeall.

Other Information

  • CVE IDs: CAN-2001-0139
  • Date Public: 10 Jan 2001
  • Date First Published: 27 Sep 2001
  • Date Last Updated: 27 Sep 2001
  • Severity Metric: 5.40
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.