Caldera Systems Security Advisory: temp file problems in inn | Linux Today

Caldera Systems Security Advisory: temp file problems in inn

Written By
Web Webster
Web Webster
Jan 16, 2001

Date: Mon, 15 Jan 2001 17:11:05 -0700
From: Caldera Support Info sup-info@LOCUTUS4.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Caldera Systems Security Advisory


                   Caldera Systems, Inc.  Security Advisory

Subject:                temp file problems in inn
Advisory number:        CSSA-2001-001.0
Issue date:             2001 January, 11
Cross reference:

1. Problem Description

INN uses a temporary directory for several operations. Those
operations use it in a unsecure manner, which would allow an
attacker to gain access to the ‘news’ user. Since INN is not
supposed to work in a public temporary directory, please use the
described workaround to change the temp directory to a news private
one.

2. Vulnerable Versions

   System                       Package

   OpenLinux Desktop 2.3        All released inn packages

   OpenLinux eServer 2.3.1      All released inn packages
   and OpenLinux eBuilder

   OpenLinux eDesktop 2.4       All released inn packages

3. Solution

Workaround:

   Edit /etc/news/inn.conf, change the line
        pathtmp:                /var/tmp
   to read
        pathtmp:                /var/run/news

   After this, restart INN by running as root:

        /etc/rc.d/init.d/news stop
        /etc/rc.d/init.d/news start

4. OpenLinux Desktop 2.3

No fixed packages released, see workaround above.

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential
3.0

No fixed packages released, see workaround above.

6. OpenLinux eDesktop 2.4

No fixed packages released, see workaround above.

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera’s internal Problem Report
8673.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.

9. Acknowledgements

Caldera Systems, Inc. wishes to thank the Team at Immunix, Greg
KH at Wirex and Solar Designer for drawing our attention, and their
cooperation.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.