Vulnerabilities > CVE-2001-0139

047910
CVSS 1.2 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
high complexity
caldera
immunix
debian
mandrakesoft
redhat
nessus

Summary

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2001-010.NASL
descriptionWireX discovered a potential temporary file race condition in the inn program. This condition is due partly to the way inn is compiled and configured on some Linux distributions, including Linux-Mandrake, and partly due to the lack of information in the inn package detailing potential security problems if you do not tell inn to use a private temporary directory. The patch supplied by WireX that creates temporary files correctly has been applied, and the temporary directory that inn uses has been moved from /usr/tmp to /var/spool/news/tmp which is available solely to the news user which inn runs as.
last seen2020-06-01
modified2020-06-02
plugin id61884
published2012-09-06
reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/61884
titleMandrake Linux Security Advisory : inn (MDKSA-2001:010)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2001:010. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(61884);
  script_version("1.5");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2001-0139");
  script_xref(name:"MDKSA", value:"2001:010");

  script_name(english:"Mandrake Linux Security Advisory : inn (MDKSA-2001:010)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"WireX discovered a potential temporary file race condition in the inn
program. This condition is due partly to the way inn is compiled and
configured on some Linux distributions, including Linux-Mandrake, and
partly due to the lack of information in the inn package detailing
potential security problems if you do not tell inn to use a private
temporary directory. The patch supplied by WireX that creates
temporary files correctly has been applied, and the temporary
directory that inn uses has been moved from /usr/tmp to
/var/spool/news/tmp which is available solely to the news user which
inn runs as."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected inews, inn and / or inn-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:inews");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:inn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:inn-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"inews-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"inn-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"inn-devel-2.2.3-1.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"inews-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"inn-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"inn-devel-2.2.3-1.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"inews-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"inn-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"inn-devel-2.2.3-1.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"inews-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"inn-2.2.3-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"inn-devel-2.2.3-1.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"inews-2.2.3-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"inn-2.2.3-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"inn-devel-2.2.3-1.1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");