Lucene search

[email protected]CVE-2004-2605

HistoryNov 29, 2005 - 2:00 a.m.

CVE-2004-2605

2005-11-2902:00:00

[email protected]

web.nvd.nist.gov

astats

1.6.5

local users

arbitrary files

symlink attack

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.

Affected configurations

NVD

Node

astatsastatsMatch1.6.5

CPENameOperatorVersion
astats:astatsastatseq1.6.5

CPE	Name	Operator	Version
astats:astats	astats	eq	1.6.5

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=287604

secunia.com/advisories/13679

shellcode.org/pipermail/debian-audit/2004-December/000078.html

www.osvdb.org/12632

www.securityfocus.com/bid/12128

exchange.xforce.ibmcloud.com/vulnerabilities/18698

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-2605

cvelist1 nvd1