aka wow on ZATAZ.com
My CVE's
CVE-2005-3319 PHP mod_php apache2handler SAPI Crafted .htaccess DoS
06 years ago
in My CVE's
Timeline :
Vulnerability discovered by Eric Romang
Public release of the vulnerability the 2005-10-24
Exploit provided the 2005-10-24
PoC provided by :
Eric Romang
Reference(s) :
CVE-2005-3319
GLSA 200511-08
OSVDB-20491
Affected version(s) :
PHP versions 4.0.x to 4.4.0 and versions 5.0.0 to 5.0.5
Tested on Gentoo 2005.0 with :
PHP 4.3.11
Description :
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user places a specially crafted .htaccess file in a root directory while safe mode is active. This will cause a segmentation fault, resulting in loss of availability for the service.
Commands :
Simply put a .htaccess file on the root directory of your website with this content : php_value session.save_path /var/www/somewherehowexist
CVE-2005-2995 Bacula Insecure Temporary Files Creations
06 years ago
in My CVE's
Timeline :
Vulnerabilities discovered by Eric Romang the 2005-09-06
Vendor notified the 2005-09-19
Coordinated vulnerabilities disclosure the 2005-09-20
Reference(s) :
Affected version(s) :
bacula equal or under version 1.36.3
Description :
Bacula contains flaws that may allow a malicious local user to create or overwrite arbitrary files on the system.
The issue is due to scripts/mtx-changer.in creating temporary files in /tmp insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
The issue is due to /autoconf/randpass creating temporary files in /tmp insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
The issue is due to /rescue/linux/getdiskinfo creating temporary files in /tmp insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
CVE-2005-2809 SILC Server and Toolkit silcd.c Symlink Arbitrary File Overwrite
06 years ago
in My CVE's
Timeline :
Vulnerability discovered by Eric Romang the 2005-05-31
Vendor notified the 2005-06-15
Vulnerability disclosure the 2005-09-01
Reference(s) :
Affected version(s) :
silc-server before or equal to 1.0
silc-toolkit before or equal to 0.9.12-r3
Description :
SILC Server and Toolkit contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
CVE-2005-1917 Kpopper popper-send.sh Symlink Arbitrary File Manipulation
06 years ago
in My CVE's
Timeline :
Vulnerability discovered by Eric Romang the 2005-06-13
Vendor notified the 2005-06-15
Vulnerability disclosure the 2005-07-04
Reference(s) :
Affected version(s) :
kpopper before or equal to 1.0
Description :
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.
CVE-2005-1916 ekg linki.py Add-on Symlink Arbitrary File Manipulation
06 years ago
in My CVE's
Timeline :
Vulnerability discovered by Eric Romang the 2005-05-27
Vendor notified the 2005-06-06
Vulnerability disclosure the 2005-07-04
Reference(s) :
Affected version(s) :
keg before or equal to 2005-06-05 22:03
Description :
Eksperymentalny Klient Gadu-Gadu (EKG) contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the czyjest and handle_keypress() functions in the contrib/scripts/linki.py script creating temporary files insecurely. It is possible for a user to use a symlink style attack from a critical EKG file to the /tmp/rmrmg_ekg_url file. When EKG is run, the temporary symlink file is activated with the privileges of the user running EKG, resulting in a loss of integrity.
Recent Comments