ID CVE-2005-1879 Type cve Reporter NVD Modified 2008-09-05T16:50:19
Description
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1879", "history": [], "references": ["http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034424.html", "http://securitytracker.com/id?1014112", "http://www.zataz.net/adviso/lutelwall-05222005.txt", "http://security.gentoo.org/glsa/glsa-200506-10.xml", "http://firewall.lutel.pl/download/0.98/ChangeLog", "http://www.securityfocus.com/bid/13863"], "lastseen": "2016-09-03T05:31:10", "bulletinFamily": "NVD", "title": "CVE-2005-1879", "cpe": ["cpe:/a:tomasz_lutelmowski:lutelwall:0.95", "cpe:/a:tomasz_lutelmowski:lutelwall:0.96", "cpe:/a:tomasz_lutelmowski:lutelwall:0.92", "cpe:/a:tomasz_lutelmowski:lutelwall:0.91", "cpe:/a:tomasz_lutelmowski:lutelwall:0.93", "cpe:/a:tomasz_lutelmowski:lutelwall:0.94", "cpe:/a:tomasz_lutelmowski:lutelwall:0.97"], "viewCount": 0, "id": "CVE-2005-1879", "hash": "57d66b07c93b25e2056a73f15cade096fa0a41f81b1796fe0dbcf353bd65911e", "description": "LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2005-1879"], "scanner": [], "modified": "2008-09-05T16:50:19", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2005-06-09T00:00:00", "enchantments": {"score": {"value": 2.1, "vector": "NONE", "modified": "2016-09-03T05:31:10"}, "vulnersScore": 2.1}}
{"openvas": [{"lastseen": "2017-07-24T12:49:41", "references": [], "pluginID": "54962", "description": "The remote host is missing updates announced in\nadvisory GLSA 200506-10.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "Gentoo Security Advisory GLSA 200506-10 (LutelWall)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1879"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54962", "id": "OPENVAS:54962", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"LutelWall is vulnerable to symlink attacks, potentially allowing a local\nuser to overwrite arbitrary files.\";\ntag_solution = \"All LutelWall users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-firewall/lutelwall-0.98'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200506-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=95378\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200506-10.\";\n\n \n\nif(description)\n{\n script_id(54962);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(13863);\n script_cve_id(\"CVE-2005-1879\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200506-10 (LutelWall)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-firewall/lutelwall\", unaffected: make_list(\"ge 0.98\"), vulnerable: make_list(\"lt 0.98\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1879", "https://bugs.gentoo.org/show_bug.cgi?id=95378"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.98", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-firewall/lutelwall", "operator": "lt"}], "edition": 1, "description": "### Background\n\nLutelWall is a high-level Linux firewall configuration tool. \n\n### Description\n\nEric Romang has discovered that the new_version_check() function in LutelWall insecurely creates a temporary file when updating to a new version. \n\n### Impact\n\nA local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the update script is executed (usually by the root user), this would result in the file being overwritten with the rights of this user. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll LutelWall users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-firewall/lutelwall-0.98\"", "reporter": "Gentoo Foundation", "published": "2005-06-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "LutelWall: Insecure temporary file creation", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1879"], "modified": "2005-06-11T00:00:00", "id": "GLSA-200506-10", "href": "https://security.gentoo.org/glsa/200506-10", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:13", "references": [], "edition": 1, "description": "## Vulnerability Description\nA vulnerability exists in a portion of LutelWall that looks for new versions. This vulnerability creates a temporary file with insecure permissions that, with creative use of symlinks, would allow an attacker to overwrite or create files with the privileges of the user that runs the update script. Because the update script is run as root, this could give the attacker the ability to create or overwrite nearly any file on the system.\n## Solution Description\nUpgrade to version 0.98 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA vulnerability exists in a portion of LutelWall that looks for new versions. This vulnerability creates a temporary file with insecure permissions that, with creative use of symlinks, would allow an attacker to overwrite or create files with the privileges of the user that runs the update script. Because the update script is run as root, this could give the attacker the ability to create or overwrite nearly any file on the system.\n## References:\nVendor URL: http://firewall.lutel.pl/index.php\nSecurity Tracker: 1014112\n[Secunia Advisory ID:15665](https://secuniaresearch.flexerasoftware.com/advisories/15665/)\n[Secunia Advisory ID:15647](https://secuniaresearch.flexerasoftware.com/advisories/15647/)\nOther Advisory URL: http://www.zataz.net/adviso/lutelwall-05222005.txt\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200506-10.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0038.html\n[CVE-2005-1879](https://vulners.com/cve/CVE-2005-1879)\n", "reporter": "Eric Romang(eromang@zataz.net)", "published": "2005-06-06T18:51:06", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "LutelWall Symlink Arbitrary File Create/Overwrite", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [{"name": "LutelWall", "version": "0.97", "operator": "eq"}], "cvelist": ["CVE-2005-1879"], "modified": "2005-06-06T18:51:06", "href": "https://vulners.com/osvdb/OSVDB:17173", "id": "OSVDB:17173", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:06:08", "references": ["https://security.gentoo.org/glsa/200506-10"], "pluginID": "18467", "description": "The remote host is affected by the vulnerability described in GLSA-200506-10\n(LutelWall: Insecure temporary file creation)\n\n Eric Romang has discovered that the new_version_check() function\n in LutelWall insecurely creates a temporary file when updating to a new\n version.\nImpact :\n\n A local attacker could create symbolic links in the temporary file\n directory, pointing to a valid file somewhere on the filesystem. When\n the update script is executed (usually by the root user), this would\n result in the file being overwritten with the rights of this user.\nWorkaround :\n\n There is no known workaround at this time.", "edition": 6, "reporter": "Tenable", "published": "2005-06-13T00:00:00", "title": "GLSA-200506-10 : LutelWall: Insecure temporary file creation", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1879"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lutelwall"], "id": "GENTOO_GLSA-200506-10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200506-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18467);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-1879\");\n script_xref(name:\"GLSA\", value:\"200506-10\");\n\n script_name(english:\"GLSA-200506-10 : LutelWall: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200506-10\n(LutelWall: Insecure temporary file creation)\n\n Eric Romang has discovered that the new_version_check() function\n in LutelWall insecurely creates a temporary file when updating to a new\n version.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary file\n directory, pointing to a valid file somewhere on the filesystem. When\n the update script is executed (usually by the root user), this would\n result in the file being overwritten with the rights of this user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200506-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All LutelWall users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-firewall/lutelwall-0.98'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lutelwall\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/06/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-firewall/lutelwall\", unaffected:make_list(\"ge 0.98\"), vulnerable:make_list(\"lt 0.98\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LutelWall\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
