Notified: January 11, 2001 Updated: August 17, 2001
Affected
http://www.linuxsecurity.com/advisories/caldera_advisory-1057.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 29, 2001 Updated: August 17, 2001
Affected
http://www.linuxsecurity.com/advisories/debian_advisory-1098.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 10, 2001 Updated: August 17, 2001
Affected
Immunix advisory IMNX-2000-70-023-01 (see below).
The vendor has not provided us with any further information regarding this vulnerability.
Packages updated: inn
Effected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1315
Date: January 10, 2000
Advisory ID: IMNX-2000-70-023-01
Author: Greg Kroah-Hartman
Notified: January 16, 2001 Updated: August 17, 2001
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
It's recently come to our attention that some repackagers of INN have mistakenly shipped INN packages configured to use the system temporary directory (either /tmp or /var/tmp) for create temporary files. INN expects its configured temporary directory to only be writeable by the news user and does not take sufficient precautions when creating temporary files to be able to use world-writeable temporary directories. This configuration could be exploited to gain access to the news account. This was partly a configuration error and partly a documentation problem. This issue should have been much more clearly pointed out in the installation documentation (fixed in the current version of INN). If you are using a pre-compiled version of INN, please check the configuration in inn.conf and make sure that pathtmp points to a directory that is not world-writeable. If it does point to a world-writeable directory, create a new directory owned by the news user and only writeable by that user, change pathtmp in inn.conf to point to that directory, and restart INN (with rc.news stop; rc.news start). If you package INN as part of a distribution, please make sure that INN is configured to use a private temporary directory. If you configure INN with --prefix=/usr, you will need to use --with-tmp-path to ensure that the temporary directory is not set to /usr/tmp. As of INN 2.3.1, which was released on 2001-01-11, INN will warn loudly at configure time if the configured temporary directory is world-writeable. There is also additional documentation of this issue in INSTALL. There is work underway both to make FHS-compliance a standard configure option so that these sorts of problems can be caught and solved in one place and to make INN more robust against use of a world-writeable temporary directory. We will always strongly recommend, however, that INN be configured to use a private temporary directory, since getting all of the details of safe temporary file handling right in a portable manner is difficult and there's no reason not to use a private directory. Thanks to Greg KH and Steve Beattie at WireX for bringing this to our attention. Russ Allbery Katsuhiro Kondou inn@isc.org
Notified: January 10, 2001 Updated: August 17, 2001
Affected
http://www.linuxsecurity.com/advisories/mandrake_advisory-1038.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.