IMP/MSWordView /tmp File Deletion Denial of Service Vulnerability
BID:1361
Info
| Bugtraq ID: | 1361 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2000 12:00AM |
| Updated: | Apr 22 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on April 24, 2000 by Jose Nazario <[email protected]> |
| Vulnerable: | IMP IMP 2.2 -pre9, IMP IMP 2.2 -pre12, IMP IMP 2.2 -pre11, IMP IMP 2.2 -pre10, IMP IMP 2.0.11, IMP IMP 2.0.10, IMP IMP 2.0.9 |
| Not Vulnerable: | |
Discussion
A potential denial of service exists in all versions of the IMP web mail package. The MSWordView application uses /tmp as temporary space for converting MS Word documents to HTML. If the MSWordView application is terminated before it completes, the file it created in /tmp is not removed. A remote user can exploit this flaw to fill the /tmp filesystem with files. This could cause a myriad of problems, including crashing the system, depending on the implementation of the operating system and the /tmp file system.
This vulnerability requires that the user have an account on the machine for receiving web-based mail.
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
A suitable solution may be to set up a cron job which will remove any file present in /tmp that is older than some period of time. This time will depend on the system.
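One way to implement the cron-based cleanup suggested above, as an added example (not SecurityFocus or IMP code): a shell function that removes only regular files directly inside a directory that are older than a given number of minutes, optionally limited to one owner. The function name, the `www-data` account, the script path and the 60-minute threshold are assumptions, and the function relies on the `-mmin` and `-maxdepth` options of GNU or BSD find.

```shell
#!/bin/sh
# Added example: stale-file sweeper for a temp directory.
# Hypothetical crontab entry (path, owner and threshold are constructed values):
#   */15 * * * * /usr/local/sbin/clean_stale_tmp.sh /tmp 60 www-data

# clean_stale_tmp DIR MAX_AGE_MIN [OWNER]
# Deletes regular files directly in DIR whose mtime is older than MAX_AGE_MIN
# minutes, optionally only those owned by OWNER (name or numeric uid).
# Prints the number of files it selected for removal.
clean_stale_tmp() {
    dir=$1
    age=$2
    owner=${3:-}

    # Refuse bad input rather than sweeping the wrong place.
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $age in
        ''|*[!0-9]*) echo "age must be whole minutes: $age" >&2; return 2 ;;
    esac

    # Build the optional owner filter in the function's positional parameters.
    if [ -n "$owner" ]; then
        set -- -user "$owner"
    else
        set --
    fi

    # -xdev: stay on one filesystem. -maxdepth 1: do not descend.
    # -type f: regular files only, so symlinks, sockets and directories
    # are never touched. -mmin +N: last modified more than N minutes ago.
    find "$dir" -xdev -maxdepth 1 -type f -mmin "+$age" "$@" \
        -print -exec rm -f -- {} + | wc -l | tr -d ' '
}

# When run as a script with arguments, act as the cron job would.
if [ "$#" -ge 2 ]; then
    clean_stale_tmp "$@"
fi
```

Restricting the sweep to the web server's account keeps it away from other users' temporary files; pick a threshold longer than any legitimate conversion takes on the system.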