ID CVE-2005-1879 Type cve Reporter NVD Modified 2008-09-05T16:50:19
Description
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1879", "history": [], "references": ["http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034424.html", "http://securitytracker.com/id?1014112", "http://www.zataz.net/adviso/lutelwall-05222005.txt", "http://security.gentoo.org/glsa/glsa-200506-10.xml", "http://firewall.lutel.pl/download/0.98/ChangeLog", "http://www.securityfocus.com/bid/13863"], "lastseen": "2016-09-03T05:31:10", "bulletinFamily": "NVD", "title": "CVE-2005-1879", "cpe": ["cpe:/a:tomasz_lutelmowski:lutelwall:0.95", "cpe:/a:tomasz_lutelmowski:lutelwall:0.96", "cpe:/a:tomasz_lutelmowski:lutelwall:0.92", "cpe:/a:tomasz_lutelmowski:lutelwall:0.91", "cpe:/a:tomasz_lutelmowski:lutelwall:0.93", "cpe:/a:tomasz_lutelmowski:lutelwall:0.94", "cpe:/a:tomasz_lutelmowski:lutelwall:0.97"], "viewCount": 0, "id": "CVE-2005-1879", "hash": "57d66b07c93b25e2056a73f15cade096fa0a41f81b1796fe0dbcf353bd65911e", "description": "LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2005-1879"], "scanner": [], "modified": "2008-09-05T16:50:19", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2005-06-09T00:00:00", "enchantments": {"vulnersScore": 4.0}}
{"result": {"gentoo": [{"id": "GLSA-200506-10", "type": "gentoo", "title": "LutelWall: Insecure temporary file creation", "description": "### Background\n\nLutelWall is a high-level Linux firewall configuration tool. \n\n### Description\n\nEric Romang has discovered that the new_version_check() function in LutelWall insecurely creates a temporary file when updating to a new version. \n\n### Impact\n\nA local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the update script is executed (usually by the root user), this would result in the file being overwritten with the rights of this user. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll LutelWall users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-firewall/lutelwall-0.98\"", "published": "2005-06-11T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://security.gentoo.org/glsa/200506-10", "cvelist": ["CVE-2005-1879"], "lastseen": "2016-09-06T19:46:21"}], "openvas": [{"id": "OPENVAS:54962", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200506-10 (LutelWall)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200506-10.", "published": "2008-09-24T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54962", "cvelist": ["CVE-2005-1879"], "lastseen": "2017-07-24T12:49:41"}], "nessus": [{"id": "GENTOO_GLSA-200506-10.NASL", "type": "nessus", "title": "GLSA-200506-10 : LutelWall: Insecure temporary file creation", "description": "The remote host is affected by the vulnerability described in GLSA-200506-10 (LutelWall: Insecure temporary file creation)\n\n Eric Romang has discovered that the new_version_check() function in LutelWall insecurely creates a temporary file when updating to a new version.\n Impact :\n\n A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the update script is executed (usually by the root user), this would result in the file being overwritten with the rights of this user.\n Workaround :\n\n There is no known workaround at this time.", "published": "2005-06-13T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18467", "cvelist": ["CVE-2005-1879"], "lastseen": "2017-10-29T13:37:58"}], "osvdb": [{"id": "OSVDB:17173", "type": "osvdb", "title": "LutelWall Symlink Arbitrary File Create/Overwrite", "description": "## Vulnerability Description\nA vulnerability exists in a portion of LutelWall that looks for new versions. This vulnerability creates a temporary file with insecure permissions that, with creative use of symlinks, would allow an attacker to overwrite or create files with the privileges of the user that runs the update script. Because the update script is run as root, this could give the attacker the ability to create or overwrite nearly any file on the system.\n## Solution Description\nUpgrade to version 0.98 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA vulnerability exists in a portion of LutelWall that looks for new versions. This vulnerability creates a temporary file with insecure permissions that, with creative use of symlinks, would allow an attacker to overwrite or create files with the privileges of the user that runs the update script. Because the update script is run as root, this could give the attacker the ability to create or overwrite nearly any file on the system.\n## References:\nVendor URL: http://firewall.lutel.pl/index.php\nSecurity Tracker: 1014112\n[Secunia Advisory ID:15665](https://secuniaresearch.flexerasoftware.com/advisories/15665/)\n[Secunia Advisory ID:15647](https://secuniaresearch.flexerasoftware.com/advisories/15647/)\nOther Advisory URL: http://www.zataz.net/adviso/lutelwall-05222005.txt\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200506-10.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0038.html\n[CVE-2005-1879](https://vulners.com/cve/CVE-2005-1879)\n", "published": "2005-06-06T18:51:06", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:17173", "cvelist": ["CVE-2005-1879"], "lastseen": "2017-04-28T13:20:13"}]}}
