COMMAND

	mm insecure temporary files leading to local root access

SYSTEMS AFFECTED

	OSSP mm library (libmm) before 1.2.0

PROBLEM

	Marcus Meissner and Sebastian Krahmer discovered  a  race  condition  on
	creating  temporary  files  in  the  OSSP   mm   library.   The   Common
	Vulnerabilities  and   Exposures   (CVE)   project   assigned   the   id
	CAN-2002-0658 to the problem. The bug affects  all  programs  which  are
	linked with OSSP mm. This may allow an attacker to conduct a local  root
	exploit. OSSP mm is often used in Apache  setups  using  mod_ssl  and/or
	mod_php.  Here  the  vulnerability  can  be  exploited  to  obtain  root
	privilege if shell  access  to  the  Apache  run-time  user  is  already
	obtained.
	

	

SOLUTION

	Update your packages.