ID CVE-2005-4803 Type cve Reporter NVD Modified 2018-10-03T17:34:44
Description
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
{"id": "CVE-2005-4803", "bulletinFamily": "NVD", "title": "CVE-2005-4803", "description": "graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.", "published": "2005-12-31T00:00:00", "modified": "2018-10-03T17:34:44", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4803", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/15050", "https://usn.ubuntu.com/208-1/", "http://www.debian.org/security/2005/dsa-857", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188"], "cvelist": ["CVE-2005-4803"], "type": "cve", "lastseen": "2018-10-04T11:15:22", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:graphviz:graphviz:1.5.2", "cpe:/a:graphviz:graphviz:1.7.5.3", "cpe:/a:graphviz:graphviz:1.10_2003-09-15_0415_1", "cpe:/a:graphviz:graphviz:2.2", "cpe:/a:graphviz:graphviz:1.10_2003-09-15_0415_2", "cpe:/a:graphviz:graphviz:1.7.5.7", "cpe:/a:graphviz:graphviz:1.7.5.6", "cpe:/a:graphviz:graphviz:1.8.5.2", "cpe:/a:graphviz:graphviz:1.5.1", "cpe:/a:graphviz:graphviz:1.7.16.1", "cpe:/a:graphviz:graphviz:1.14.1", "cpe:/a:graphviz:graphviz:1.7.5.1", "cpe:/a:graphviz:graphviz:1.8.9.1", "cpe:/a:graphviz:graphviz:1.8.5.1", "cpe:/a:graphviz:graphviz:1.12.1", "cpe:/a:graphviz:graphviz:1.12.3", "cpe:/a:graphviz:graphviz:1.12.2", "cpe:/a:graphviz:graphviz:1.7.5_0.1", "cpe:/a:graphviz:graphviz:1.7.5.5", "cpe:/a:graphviz:graphviz:1.7.5.2", "cpe:/a:graphviz:graphviz:1.7.5.4", "cpe:/a:graphviz:graphviz:1.7.5_0.3", "cpe:/a:graphviz:graphviz:1.7.16.2", "cpe:/a:graphviz:graphviz:1.7.5_0.2", "cpe:/a:graphviz:graphviz:1.16.1", "cpe:/a:graphviz:graphviz:1.5.3"], "cvelist": ["CVE-2005-4803"], "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T06:17:03", "value": 2.1, "vector": "NONE"}}, "hash": "2eb9ad00443853b04893767b687a6c3a0ecf65569d9bcb41cb0e9fcfe312d1f3", "hashmap": [{"hash": "52ac1a34ddb99e82c847801d93528117", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "37cde212e8428c82e880e766dacfe2a5", "key": "title"}, {"hash": "7077ec76a89ab073f09da3a76706147a", "key": "references"}, {"hash": "4c27986c5f735976aede5cb5192642bb", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "da456fb3082e5e36eaa92604ff90a80a", "key": "cvelist"}, {"hash": "332e1a129694308a9a47790c5a481895", "key": "modified"}, {"hash": "467b72b20688b077f9946f6e53e3429d", "key": "published"}, {"hash": "43924a10e47a41a83a8359f32fc24a6b", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "06a5703517e5155b4ab3b075260bb87c", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4803", "id": "CVE-2005-4803", "lastseen": "2016-09-03T06:17:03", "modified": "2008-09-05T16:57:52", "objectVersion": "1.2", "published": "2005-12-31T00:00:00", "references": ["http://www.securityfocus.com/bid/15050", "http://www.debian.org/security/2005/dsa-857", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188", "http://www.ubuntulinux.org/support/documentation/usn/usn-208-1"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-4803", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:17:03"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "06a5703517e5155b4ab3b075260bb87c"}, {"key": "cvelist", "hash": "da456fb3082e5e36eaa92604ff90a80a"}, {"key": "cvss", "hash": "4c27986c5f735976aede5cb5192642bb"}, {"key": "description", "hash": "43924a10e47a41a83a8359f32fc24a6b"}, {"key": "href", "hash": "52ac1a34ddb99e82c847801d93528117"}, {"key": "modified", "hash": "45c1b5f8fc1b09397bf6aa2c927f07c3"}, {"key": "published", "hash": "467b72b20688b077f9946f6e53e3429d"}, {"key": "references", "hash": "cb233ffdbc1b28267e0cc3355b3b61a0"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "37cde212e8428c82e880e766dacfe2a5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "8e1cb7e6f4d6383f48979b98b806ad8aab763fd39243a4975c382d5ae4ce6f58", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE", "modified": "2018-10-04T11:15:22"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:graphviz:graphviz:1.5.2", "cpe:/a:graphviz:graphviz:1.7.5.3", "cpe:/a:graphviz:graphviz:1.10_2003-09-15_0415_1", "cpe:/a:graphviz:graphviz:2.2", "cpe:/a:graphviz:graphviz:1.10_2003-09-15_0415_2", "cpe:/a:graphviz:graphviz:1.7.5.7", "cpe:/a:graphviz:graphviz:1.7.5.6", "cpe:/a:graphviz:graphviz:1.8.5.2", "cpe:/a:graphviz:graphviz:1.5.1", "cpe:/a:graphviz:graphviz:1.7.16.1", "cpe:/a:graphviz:graphviz:1.14.1", "cpe:/a:graphviz:graphviz:1.7.5.1", "cpe:/a:graphviz:graphviz:1.8.9.1", "cpe:/a:graphviz:graphviz:1.8.5.1", "cpe:/a:graphviz:graphviz:1.12.1", "cpe:/a:graphviz:graphviz:1.12.3", "cpe:/a:graphviz:graphviz:1.12.2", "cpe:/a:graphviz:graphviz:1.7.5_0.1", "cpe:/a:graphviz:graphviz:1.7.5.5", "cpe:/a:graphviz:graphviz:1.7.5.2", "cpe:/a:graphviz:graphviz:1.7.5.4", "cpe:/a:graphviz:graphviz:1.7.5_0.3", "cpe:/a:graphviz:graphviz:1.7.16.2", "cpe:/a:graphviz:graphviz:1.7.5_0.2", "cpe:/a:graphviz:graphviz:1.16.1", "cpe:/a:graphviz:graphviz:1.5.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"nessus": [{"lastseen": "2019-01-16T20:06:26", "references": [], "pluginID": "20433", "description": "Javier Fernández-Sanguino Peña discovered insecure\ntemporary file creation in graphviz, a rich set of graph drawing\ntools, that can be exploited to overwrite arbitrary files by a local\nattacker.\n\nThe updated packages have been patched to address this issue.", "edition": 6, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : graphviz (MDKSA-2005:188)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4803"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libgraphviztcl7-devel", "p-cpe:/a:mandriva:linux:libgraphviz7-devel", "p-cpe:/a:mandriva:linux:lib64graphviztcl7-devel", "p-cpe:/a:mandriva:linux:lib64graphviztcl7", "p-cpe:/a:mandriva:linux:graphviz", "p-cpe:/a:mandriva:linux:lib64graphviz7-devel", "p-cpe:/a:mandriva:linux:libgraphviz7", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:lib64graphviz7", "p-cpe:/a:mandriva:linux:libgraphviztcl7", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-188.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20433", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:188. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20433);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-4803\");\n script_xref(name:\"MDKSA\", value:\"2005:188\");\n\n script_name(english:\"Mandrake Linux Security Advisory : graphviz (MDKSA-2005:188)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Javier Fernández-Sanguino Peña discovered insecure\ntemporary file creation in graphviz, a rich set of graph drawing\ntools, that can be exploited to overwrite arbitrary files by a local\nattacker.\n\nThe updated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:graphviz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64graphviz7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64graphviz7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64graphviztcl7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64graphviztcl7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgraphviz7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgraphviz7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgraphviztcl7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgraphviztcl7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.2\", reference:\"graphviz-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64graphviz7-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64graphviz7-devel-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64graphviztcl7-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64graphviztcl7-devel-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libgraphviz7-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libgraphviz7-devel-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libgraphviztcl7-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libgraphviztcl7-devel-2.2-3.1.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"graphviz-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64graphviz7-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64graphviz7-devel-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64graphviztcl7-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64graphviztcl7-devel-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libgraphviz7-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libgraphviz7-devel-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libgraphviztcl7-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libgraphviztcl7-devel-2.2.1-3.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:21", "references": ["http://www.debian.org/security/2005/dsa-857"], "pluginID": "19965", "description": "Javier Fernandez-Sanguino Pena discovered insecure temporary file\ncreation in graphviz, a rich set of graph drawing tools, that can be\nexploited to overwrite arbitrary files by a local attacker.", "edition": 7, "reporter": "Tenable", "published": "2005-10-11T00:00:00", "title": "Debian DSA-857-1 : graphviz - insecure temporary file", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4803"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:graphviz"], "id": "DEBIAN_DSA-857.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19965", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-857. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19965);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2005-4803\");\n script_bugtraq_id(15050);\n script_xref(name:\"DSA\", value:\"857\");\n\n script_name(english:\"Debian DSA-857-1 : graphviz - insecure temporary file\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Javier Fernandez-Sanguino Pena discovered insecure temporary file\ncreation in graphviz, a rich set of graph drawing tools, that can be\nexploited to overwrite arbitrary files by a local attacker.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-857\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the graphviz package.\n\nFor the old stable distribution (woody) this problem probably persists\nbut the package is non-free.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.2.1-1sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphviz\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"graphviz\", reference:\"2.2.1-1sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"graphviz-dev\", reference:\"2.2.1-1sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"graphviz-doc\", reference:\"2.2.1-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:29", "references": [], "pluginID": "20625", "description": "Javier Fernandez-Sanguino Pena discovered that the 'dotty' tool\ncreated and used temporary files in an insecure way. A local attacker\ncould exploit this with a symlink attack to create or overwrite\narbitrary files with the privileges of the user running dotty.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Ubuntu 5.04 : graphviz vulnerability (USN-208-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4803"], "modified": "2018-08-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:graphviz-doc", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:graphviz-dev", "p-cpe:/a:canonical:ubuntu_linux:graphviz"], "id": "UBUNTU_USN-208-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20625", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-208-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20625);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/08/15 16:35:43\");\n\n script_cve_id(\"CVE-2005-4803\");\n script_xref(name:\"USN\", value:\"208-1\");\n\n script_name(english:\"Ubuntu 5.04 : graphviz vulnerability (USN-208-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Javier Fernandez-Sanguino Pena discovered that the 'dotty' tool\ncreated and used temporary files in an insecure way. A local attacker\ncould exploit this with a symlink attack to create or overwrite\narbitrary files with the privileges of the user running dotty.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected graphviz, graphviz-dev and / or graphviz-doc\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphviz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphviz-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphviz-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"graphviz\", pkgver:\"2.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"graphviz-dev\", pkgver:\"2.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"graphviz-doc\", pkgver:\"2.2-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphviz / graphviz-dev / graphviz-doc\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:17121](https://secuniaresearch.flexerasoftware.com/advisories/17121/)\n[Secunia Advisory ID:17207](https://secuniaresearch.flexerasoftware.com/advisories/17207/)\n[Secunia Advisory ID:17125](https://secuniaresearch.flexerasoftware.com/advisories/17125/)\nOther Advisory URL: http://www.debian.org/security/2005/dsa-857\nOther Advisory URL: http://www.ubuntu.com/usn/usn-208-1\n[CVE-2005-4803](https://vulners.com/cve/CVE-2005-4803)\n[CVE-2005-2965](https://vulners.com/cve/CVE-2005-2965)\nBugtraq ID: 15050\n", "reporter": "OSVDB", "published": "2005-10-10T11:22:26", "type": "osvdb", "title": "Graphviz dotty.lefty Symlink Arbitrary File Overwrite", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-4803", "CVE-2005-2965"], "modified": "2005-10-10T11:22:26", "href": "https://vulners.com/osvdb/OSVDB:19891", "id": "OSVDB:19891", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-09-09T00:19:12", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-2965"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "graphviz", "operator": "lt"}], "description": "Javier Fern\ufffdndez-Sanguino Pe\ufffda discovered that the \u201cdotty\u201d tool created and used temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running dotty.", "edition": 5, "reporter": "Ubuntu", "published": "2005-10-17T00:00:00", "title": "graphviz vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-4803", "CVE-2005-2965"], "modified": "2005-10-17T00:00:00", "id": "USN-208-1", "href": "https://usn.ubuntu.com/208-1/", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}
