Date: Tue, 17 Jul 2001 11:53:49 -0600
From: Support Info <email@example.com>
Subject: Security Update: [CSSA-2001--25.0] Linux - imp uses /tmp unsafely
Caldera International, Inc. Security Advisory
Subject: Linux - imp uses /tmp unsafely
Advisory number: CSSA-2001-025.0
Issue date: 2001, July 13
1. Problem Description
Horde and Imp use /tmp in an unsafe manner, allowing local users to
gain access to the webserver (httpd) account. They also do not protect
internal data files from being viewed by local or remote attackers.
The updated packages fix the /tmp problems, add restrictions on which
files can be viewed, and also disable it by default.
2. Vulnerable Versions
OpenLinux 2.3                 not vulnerable
OpenLinux eServer 2.3.1       not vulnerable
and OpenLinux eBuilder
OpenLinux eDesktop 2.4        not vulnerable
OpenLinux Server 3.1          All packages previous to
OpenLinux Workstation 3.1     not vulnerable
3. Solution
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
6. OpenLinux eDesktop 2.4
7. OpenLinux 3.1 Server
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
The corresponding source code package can be found at:
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh horde-*i386.rpm imp-*i386.rpm
8. OpenLinux 3.1 Workstation
This and other Caldera security resources are located at:
This security fix closes Caldera's internal Problem Report 10116.
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
Caldera International wishes to thank Jarno Huuskonen for discovering
the /tmp file problems and the Horde and IMP teams for providing fixes.
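
Section 1 describes the /tmp problem only in general terms and does not show how Horde or Imp create their temporary files. As an added illustration of that class of bug (not code from Horde, Imp or Caldera; the file name, directory layout and function names are constructed), this Python example contrasts a predictable-name write with exclusive creation:

```python
import os
import tempfile

NAME = "webmail-attach.tmp"  # hypothetical predictable file name

def unsafe_write(tmpdir, data):
    # Weak: fixed name, and open() follows a link someone else planted there.
    with open(os.path.join(tmpdir, NAME), "w") as f:
        f.write(data)

def exclusive_write(tmpdir, data):
    # Fixed name, but O_EXCL refuses anything that already exists, links included.
    fd = os.open(os.path.join(tmpdir, NAME),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def safe_write(tmpdir, data):
    # Preferred: mkstemp picks an unpredictable name, created O_EXCL with mode 0600.
    fd, path = tempfile.mkstemp(prefix="webmail-", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    # Constructed scenario: a private sandbox directory stands in for /tmp.
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "tmp")
        os.mkdir(shared)
        target = os.path.join(sandbox, "httpd-owned.dat")
        with open(target, "w") as f:
            f.write("original")
        os.symlink(target, os.path.join(shared, NAME))  # pre-planted link
        result = {}
        try:
            exclusive_write(shared, "mail data")
            result["exclusive_refused"] = False
        except FileExistsError:
            result["exclusive_refused"] = True
        path = safe_write(shared, "mail data")
        result["safe_mode"] = oct(os.stat(path).st_mode & 0o777)
        result["target_after_safe"] = read(target)
        unsafe_write(shared, "mail data")
        result["target_after_unsafe"] = read(target)
        return result
```

Calling `demo()` returns a dict showing that both hardened writers leave the linked file untouched, while the predictable-name writer overwrites it.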