IMP/MSWordView /tmp File Permission Vulnerability
BID:1360
Info
| Bugtraq ID: | 1360 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 22 2000 12:00AM |
| Updated: | Apr 22 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on April 24, 2000 by Jose Nazario |
| Vulnerable: | IMP IMP 2.2 -pre9, IMP IMP 2.2 -pre10, IMP IMP 2.0.11, IMP IMP 2.0.10, IMP IMP 2.0.9 |
| Not Vulnerable: | IMP IMP 2.2 -pre12, IMP IMP 2.2 -pre11 |
Exploit / POC
The converted documents should be present in /tmp for some period of time. Once they are displayed, they are deleted, so the window for viewing documents may be small.
Solution / Fix
Solution:
This vulnerability was fixed in version 2.2-pre11 of IMP. Those wishing to use IMP 2.0.11 (the latest stable version) can work around this problem by creating a directory writable by the user MSWordView runs as (typically the user the web server runs as), and altering the imp/lib/mimetypes.lib file to change the directory in which MSWordView creates its temporary files.
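The directory half of the workaround above, as an added example (not code from the advisory or from IMP): it creates a private directory for the account that runs MSWordView and checks that neither the directory nor the files in it are accessible to other local users. The directory path is supplied by the caller and is an assumption, as is running the script as the web server account; the mimetypes.lib change itself is not shown.

```sh
#!/bin/sh
# Added example. Run as the account that executes MSWordView (assumed to be
# the web server user). The target path is chosen by the operator.

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# calling user, with no group or other permission bits set.
check_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ -O "$1" ] || return 1
    # Mode string looks like "drwx------"; positions 5-10 are group/other.
    case $(ls -ld -- "$1") in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Creates $1 with mode 0700. Refuses to reuse an existing path, because a
# directory or symlink planted in advance could belong to another local user.
make_private_dir() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        echo "refusing to reuse existing path: $1" >&2
        return 1
    fi
    # -m applies the mode at creation, so the directory never exists with
    # looser permissions; without -p, mkdir fails if the path appears meanwhile.
    mkdir -m 700 -- "$1" || return 1
    check_private_dir "$1"
}

# Prints regular files under $1 that group or other can read, i.e. converted
# documents that would still be exposed to other local users.
list_exposed_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Stand-alone use: sh script.sh /path/to/private/dir
[ "$#" -eq 0 ] || make_private_dir "$1"
```

Running `check_private_dir` and `list_exposed_files` periodically against the configured directory confirms the workaround stays in effect after upgrades or permission changes.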
IMP IMP 2.0.10
- IMP IMP 2.2.0-pre11 ftp://ftp.horde.org/horde.org/imp/tarballs/imp-2.2.0-pre11.tar.gz

IMP IMP 2.0.11
- IMP IMP 2.2.0-pre11 ftp://ftp.horde.org/horde.org/imp/tarballs/imp-2.2.0-pre11.tar.gz

IMP IMP 2.0.9
- IMP IMP 2.2.0-pre11 ftp://ftp.horde.org/horde.org/imp/tarballs/imp-2.2.0-pre11.tar.gz

IMP IMP 2.2 -pre9
- IMP IMP 2.2.0-pre11 ftp://ftp.horde.org/horde.org/imp/tarballs/imp-2.2.0-pre11.tar.gz

IMP IMP 2.2 -pre10
- IMP IMP 2.2.0-pre11 ftp://ftp.horde.org/horde.org/imp/tarballs/imp-2.2.0-pre11.tar.gz