Detections
Analytics
RHEL 2.1 : im (RHSA-2003:038)
low Nessus Plugin ID 12359
Synopsis
The remote Red Hat host is missing a security update.Description
Updated Internet Message packages are available that fix the insecure handling of temporary files.[Updated 9 April 2003] Added packages for Red Hat Linux Advanced Workstation, Red Hat Enterprise Linux ES, and Red Hat Enterprise Linux WS.
Internet Message (IM) consists of a set of user interface commands and backend Perl5 libraries to integrate email and the NetNews user interface. These commands are designed to be used from both the Mew mail reader for Emacs and the command line.
A vulnerability has been discovered by Tatsuya Kinoshita in the way two IM utilities create temporary files. By anticipating the names used to create files and directories stored in the /tmp directory, it may be possible for a local attacker to corrupt or modify data as another user.
Users of IM are advised to install these packages which contain a backported patch to correct these issues.
Solution
Update the affected im package.See Also
https://access.redhat.com/security/cve/cve-2002-1395
Plugin Details
Severity: Low
ID: 12359
File Name: redhat-RHSA-2003-038.nasl
Version: 1.27
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 7/6/2004
Updated: 1/14/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.7
CVSS v2
Risk Factor: Low
Base Score: 2.1
Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:im
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 5/22/2003
Vulnerability Publication Date: 1/17/2003
Reference Information
CVE: CVE-2002-1395
RHSA: 2003:038