Lucene search

[email protected]CVE-2005-2693

HistoryAug 26, 2005 - 3:50 p.m.

CVE-2005-2693

2005-08-2615:50:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

2693

cvs

insecure

temporary file

symlink attack

6.7 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.

CPENameOperatorVersion
cvs:cvscvseq1.12.12

CPE	Name	Operator	Version
cvs:cvs	cvs	eq	1.12.12

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc

secunia.com/advisories/16765

securitytracker.com/id?1014857

www.debian.org/security/2005/dsa-802

www.debian.org/security/2005/dsa-806

www.redhat.com/support/errata/RHSA-2005-756.html

www.vupen.com/english/advisories/2005/1667

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835

6.7 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON

Related for CVE-2005-2693

debian4 openvas4 redhat1 debiancve1 nessus5 ubuntucve1 freebsd_advisory1 centos2 osv2 freebsd1