Bug 112468
Summary: | Temporary files are world writeable | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Andrew E. Mileski <andrewm> |
Component: | imap | Assignee: | John Dennis <jdennis> |
Status: | CLOSED DUPLICATE | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | mitr |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-02-21 19:00:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Andrew E. Mileski
2003-12-20 09:28:51 UTC
Yep, this security flaw is inherent in the design of UW imap, and is covered in the UW imap FAQ. The UW people believe that this isn't an issue at all, and they refuse to address it. Fixing the problem essentially means forking the UW imap codebase, and maintaining our own fork which is incompatible with all other OS vendors. We have decided to replace UW imap with alternative software in future OS releases instead, due to the large number of security problems in the UW imap software, and frequent security vulnerabilities. *** This bug has been marked as a duplicate of 39685 *** Changed to 'CLOSED' state since 'RESOLVED' has been deprecated. |