Lucene search
HistoryDec 31, 2005 - 5:00 a.m.
CVE-2005-3342
noweb
symlink attacks
arbitrary files
security vulnerability
6 Medium
AI Score
Confidence
Low
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.2%
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.
| CPE | Name | Operator | Version |
|---|---|---|---|
| norman_ramsey:noweb | norman ramsey noweb | eq | 2.9a |
| norman_ramsey:noweb | norman ramsey noweb | eq | 2.10c |
References
Related
debian
debian
openvas
openvas
Gentoo Security Advisory GLSA 200602-14 (noweb)
2008-09-24 00:00:00
Debian Security Advisory DSA 968-1 (noweb)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200602-14 (noweb)
2008-09-24 00:00:00
securityvulns
securityvulns
debiancve
debiancve
CVE-2005-3342
2005-12-31 05:00:00
nessus
nessus
Debian DSA-968-1 : noweb - insecure temporary file
2006-10-14 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : noweb vulnerability (USN-254-1)
2006-03-13 00:00:00
GLSA-200602-14 : noweb: Insecure temporary file creation
2006-02-27 00:00:00
osv
osv
noweb - insecure temporary file
2006-02-13 00:00:00
cvelist
cvelist
CVE-2005-3342
2006-02-14 20:00:00
ubuntucve
ubuntucve
CVE-2005-3342
2005-12-31 00:00:00
ubuntu
ubuntu
noweb vulnerability
2006-02-22 00:00:00
gentoo
gentoo
noweb: Insecure temporary file creation
2006-02-26 00:00:00
6 Medium
AI Score
Confidence
Low
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2005-3342