CVE

Id
5779  
CVE No.
CVE-2002-1395  
Status
Candidate  
Description
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.  
Phase
Modified (20071113)  
Votes
ACCEPT(2) Cole, Green | MODIFY(1) Cox  
Comments
Cox> 141-18 is an internal Debian package version, it should read "(IM) 141 | and earlier". For verification see http://tats.iris.ne.jp/im/ | Addref: RHSA-2003:038  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
32429 5779 CVE-2002-1395 DEBIAN:DSA-202  View
32430 5779 CVE-2002-1395 URL:http://www.debian.org/security/2002/dsa-202  View
32431 5779 CVE-2002-1395 REDHAT:RHSA-2003:039  View
32432 5779 CVE-2002-1395 URL:http://www.redhat.com/support/errata/RHSA-2003-039.html  View
32433 5779 CVE-2002-1395 BID:6307  View
32434 5779 CVE-2002-1395 URL:http://www.securityfocus.com/bid/6307  View
32435 5779 CVE-2002-1395 SECUNIA:8166  View
32436 5779 CVE-2002-1395 URL:http://secunia.com/advisories/8166  View
32437 5779 CVE-2002-1395 SECUNIA:8242  View
32438 5779 CVE-2002-1395 URL:http://secunia.com/advisories/8242  View
32439 5779 CVE-2002-1395 XF:im-impwagent-insecure-directory(10766)  View
32440 5779 CVE-2002-1395 URL:http://www.iss.net/security_center/static/10766.php  View
32441 5779 CVE-2002-1395 XF:im-immknmz-symlink(10767)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63341 JVNDB-2003-000067 IM (Internet Message) における類推可能なファイル名で一時ファイルを作成する脆弱性 IM (Internet Message) 以前には、 /tmp ディレクトリ内に類推可能なファイル名で一時ファイルを作成する不備があり、他のユーザが読み書きする電子メールやネットニュースの記事の内容の漏洩、あるいは削除や改ざんされる脆弱性が存在します。 CVE-2002-1395 5779 2.1 http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000067.html  View