Immunix Information for VU#964488

ISC inn creates temporary files insecurely



Vendor Statement

Immunix advisory IMNX-2000-70-023-01 (see below).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References




Packages updated: inn
Effected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1315
Date: January 10, 2000
Advisory ID: IMNX-2000-70-023-01
Author: Greg Kroah-Hartman <>

 In an internal audit conducted while preparing Immunix Linux 7.0 we
 noticed a potential temp file race problem in the inn program.  This
 is partly due to the way that the inn program is compiled and set up
 on Immunix Linux, and partly due to the lack of information in the inn
 program detailing potential security problems if you do not tell inn
 to use a private temporary directory.  We have applied a patch that
 creates temporary files safely for inn, AND moved all temp file
 creation by inn into it's own private directory which should solve
 this problem.

  Packages have been created and released for Immunix 7.0 beta to fix
 this problem.

Package names and locations:
 Precompiled binary packages for Immunix 7.0 beta is available at:

  Source package for Immunix 7.0 beta is available at:

md5sums of the packages:
 ead2af814ce19919c1b9f3a5cb6db853  inews-2.2.3-3_StackGuard_3.i386.rpm
 feea622aca6a5b217e42f11df025fa90  inn-2.2.3-3_StackGuard_3.i386.rpm
 0fe0bad19dcde112b83e803023b85c9f  inn-devel-2.2.3-3_StackGuard_3.i386.rpm
 25676fde907a0b71f665512bdf1b2aa8  inn-2.2.3-3_StackGuard_3.src.rpm

If you have feedback, comments, or additional information about this vulnerability, please send us email.