Lucene search

[email protected]CVE-2005-4691

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4691

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

vulnerability

cve-2005-4691

netbsd

x.org

xfree86

symlink attack

file overwrite

7.2 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.

CPENameOperatorVersion
netbsd:netbsdnetbsdeq1.6
netbsd:netbsdnetbsdeq2.0.2
netbsd:netbsdnetbsdeq1.6.1
netbsd:netbsdnetbsdeq1.6.2
netbsd:netbsdnetbsdeq2.0.1
netbsd:netbsdnetbsdeq2.0

CPE	Name	Operator	Version
netbsd:netbsd	netbsd	eq	1.6
netbsd:netbsd	netbsd	eq	2.0.2
netbsd:netbsd	netbsd	eq	1.6.1
netbsd:netbsd	netbsd	eq	1.6.2
netbsd:netbsd	netbsd	eq	2.0.1
netbsd:netbsd	netbsd	eq	2.0

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-009.txt.asc

mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html

mail-index.netbsd.org/source-changes/2005/09/12/0043.html

securitytracker.com/id?1015132

www.osvdb.org/20731

www.securityfocus.com/bid/15263

7.2 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON