ID DSA-1216 Type debian Reporter Debian Modified 2006-11-20T00:00:00
Description
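Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack. Note that the CVE-2005-4802 entry referenced by this advisory describes a broader impact: local users can overwrite files and execute code via the symlink attack on temporary files, which is consistent with the partial confidentiality, integrity and availability ratings in the CVSS vector, so the issue should not be triaged as denial of service only.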
For the stable distribution (sarge) this problem has been fixed in version 1.2.1-2sarge1.
For the upcoming stable distribution (etch) this problem has been fixed in version 1.2.1-3.
For the unstable distribution (sid) this problem has been fixed in version 1.2.1-3.
We recommend that you upgrade your flexbackup package.
{"modified": "2006-11-20T00:00:00", "type": "debian", "edition": 1, "cvelist": ["CVE-2005-4802"], "bulletinFamily": "unix", "viewCount": 1, "lastseen": "2016-09-02T18:24:10", "history": [], "title": "flexbackup -- insecure temporary file", "published": "2006-11-20T00:00:00", "description": "Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack.\n\nFor the stable distribution (sarge) this problem has been fixed in version 1.2.1-2sarge1.\n\nFor the upcoming stable distribution (etch) this problem has been fixed in version 1.2.1-3.\n\nFor the unstable distribution (sid) this problem has been fixed in version 1.2.1-3.\n\nWe recommend that you upgrade your flexbackup package.", "reporter": "Debian", "affectedPackage": [{"arch": "src", "operator": "lt", "packageFilename": "flexbackup_1.2.1-2sarge1.dsc", "OSVersion": "3.1", "packageVersion": "1.2.1-2sarge1", "packageName": "flexbackup", "OS": "Debian GNU/Linux"}, {"arch": "all", "operator": "lt", "packageFilename": "flexbackup_1.2.1-2sarge1_all.deb", "OSVersion": "3.1", "packageVersion": "1.2.1-2sarge1", "packageName": "flexbackup", "OS": "Debian GNU/Linux"}, {"arch": "src", "operator": "lt", "packageFilename": "flexbackup_1.2.1.orig.tar.gz", "OSVersion": "3.1", "packageVersion": "1.2.1.orig", "packageName": "flexbackup", "OS": "Debian GNU/Linux"}, {"arch": "src", "operator": "lt", "packageFilename": "flexbackup_1.2.1-2sarge1.diff.gz", "OSVersion": "3.1", "packageVersion": "1.2.1-2sarge1.diff", "packageName": "flexbackup", "OS": "Debian GNU/Linux"}], "href": "http://www.debian.org/security/dsa-1216", "references": [], "objectVersion": "1.2", "id": "DSA-1216", "hash": "7cde39b8c9ffa7a820dace3a1f1522d8271944a2eec0555251d36265b30e22de", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "enchantments": {"vulnersScore": 4.3}}
{"result": {"cve": [{"id": "CVE-2005-4802", "type": "cve", "title": "CVE-2005-4802", "description": "Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use.", "published": "2005-12-31T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4802", "cvelist": ["CVE-2005-4802"], "lastseen": "2017-04-18T15:51:42"}], "nessus": [{"id": "DEBIAN_DSA-1216.NASL", "type": "nessus", "title": "Debian DSA-1216-1 : flexbackup - insecure temporary file", "description": "Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack.", "published": "2006-11-22T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23702", "cvelist": ["CVE-2005-4802"], "lastseen": "2017-10-29T13:45:52"}], "osvdb": [{"id": "OSVDB:20021", "type": "osvdb", "title": "Flexbackup Multiple Insecure Temporary File Creation", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://flexbackup.sourceforge.net/\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=105000\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1216)\nSecurity Tracker: 1015068\n[Secunia Advisory ID:17209](https://secuniaresearch.flexerasoftware.com/advisories/17209/)\n[Secunia Advisory ID:23008](https://secuniaresearch.flexerasoftware.com/advisories/23008/)\nOther Advisory URL: http://www.zataz.net/adviso/flexbackup-09192005.txt\nMail List Post: 
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0391.html\n[CVE-2005-2965](https://vulners.com/cve/CVE-2005-2965)\n[CVE-2005-4802](https://vulners.com/cve/CVE-2005-4802)\n", "published": "2005-10-15T17:08:36", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:20021", "cvelist": ["CVE-2005-2965", "CVE-2005-4802"], "lastseen": "2017-04-28T13:20:16"}]}}