VULHUB ™

A potential denial of service exists in all versions of the IMP web mail package. The MSWordView application utilizes /tmp as temporary space for converting MS Word documents to html. If the MSWordView application is terminated prior to completion, the file created in /tmp will not be removed. A remote user can exploit this flaw, and cause the /tmp filesystem to fill with files. This could cause a myriad of problems, including crashing the system, depending on the implementation of the operating system and the /tmp file system. This vulnerability requires the user have an account of the machine for receiving web based mail.

A potential denial of service exists in all versions of the IMP web mail package. The MSWordView application utilizes /tmp as temporary space for converting MS Word documents to html. If the MSWordView application is terminated prior to completion, the file created in /tmp will not be removed. A remote user can exploit this flaw, and cause the /tmp filesystem to fill with files. This could cause a myriad of problems, including crashing the system, depending on the implementation of the operating system and the /tmp file system. This vulnerability requires the user have an account of the machine for receiving web based mail.