VULHUB ™

A vulnerability exists in the IMP webmail package that may allow sensitive information to be disclosed. By failing to set a restrictive umask, MS-Word documents which are converted by IMP in to HTML are readable by any user on the system. This action is performed by a utility named MSWordView, the files are stored in /tmp, and are named imp.word.<date>_<random data>.html. This vulnerability requires local access to the machine. As many installations are on machines which specifically do not allow user level access, this may not be an issue for all machines using IMP.

A vulnerability exists in the IMP webmail package that may allow sensitive information to be disclosed. By failing to set a restrictive umask, MS-Word documents which are converted by IMP in to HTML are readable by any user on the system. This action is performed by a utility named MSWordView, the files are stored in /tmp, and are named imp.word.<date>_<random data>.html. This vulnerability requires local access to the machine. As many installations are on machines which specifically do not allow user level access, this may not be an issue for all machines using IMP.