blob: e20cf64e8febea64d3c625f0b5c0cb9b50ab2a02 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#use wml::debian::translation-check translation="bfe0f70f38a6a393244a7c7f24482dff616eb5ec"
#<define-tag description>insecure temporary files</define-tag>
<define-tag description>不安全的暫存檔案</define-tag>
<define-tag moreinfo>
#<p>Tatsuya Kinoshita discovered that IM, which contains interface
#commands and Perl libraries for E-mail and NetNews, creates temporary
#files insecurely.</p>
<p>Tatsuya Kinoshita 發現 IM 會生不安全的暫存檔案。IM 包含了 E-mail 與
NetNews 的介面與 Perl 函式庫等。</p>
<ul>
#<li> The impwagent program creates a temporary directory in an insecure
# manner in /tmp using predictable directory names without checking
# the return code of mkdir, so it's possible to seize a permission
# of the temporary directory by local access as another user.</li>
<li>impwagent 這支程式會用不安全的方式,在 /tmp 下產生一個可以預測名稱
的暫存目錄,而且不會檢查 mkdir 的回傳值。所以有可能會使用其他使用者產生
的暫存目錄。</li>
#<li> The immknmz program creates a temporary file in an insecure manner
# in /tmp using a predictable filename, so an attacker with local
# access can easily create and overwrite files as another user.</li>
<li>immknmz 這支程式會用不安全的方式,在 /tmp 下產生一個可以預測名稱的暫存目錄
,所以在本機上的攻擊者可以很輕易地產生並覆寫這些暫存檔案。</li>
</ul>
#<p>These problems have been fixed in version 141-18.1 for the current
#stable distribution (woody), in version 133-2.2 of the old stable
#distribution (potato) and in version 141-20 for the unstable
#distribution (sid).</p>
<p>這些問題已經在目前的穩定版 (woody) 的 141-18.1 版,還有舊的穩定版
(potato) 的 133-2.2 版,以及開發中版本 (sid) 的 141-20 版中修正。</p>
#<p>We recommend that you upgrade your IM package.</p>
<p>我們建議您立刻更新您的 IM 套件。</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2002/dsa-202.data"
# $Id$
|
