Lucene search

[email protected]CVE-2005-3268

HistoryOct 20, 2005 - 11:02 p.m.

CVE-2005-3268

2005-10-2023:02:00

[email protected]

web.nvd.nist.gov

cve-2005-3268

yiff server

yiff-server

debian gnu/linux

root access vulnerability

file ownership verification

local user exploit

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.

Affected configurations

NVD

Node

raphael_bossekyiff_serverMatch2.14.2.7

CPENameOperatorVersion
raphael_bossek:yiff_serverraphael bossek yiff servereq2.14.2.7

CPE	Name	Operator	Version
raphael_bossek:yiff_server	raphael bossek yiff server	eq	2.14.2.7

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=334616

secunia.com/advisories/17242

www.osvdb.org/20074

www.securityfocus.com/bid/15140

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-3268

cvelist1 ubuntucve1 nvd1