CVE-2005-1916 ekg linki.py Add-on Symlink Arbitrary File Manipulation

Timeline :

Vulnerability discovered by Eric Romang the 2005-05-27
Vendor notified the 2005-06-06
Vulnerability disclosure the 2005-07-04

Reference(s) :

CVE-2005-1916
OSVDB-17722

Affected version(s) :

keg before or equal to 2005-06-05 22:03

Description :

Eksperymentalny Klient Gadu-Gadu (EKG) contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the czyjest and handle_keypress() functions in the contrib/scripts/linki.py script creating temporary files insecurely. It is possible for a user to use a symlink style attack from a critical EKG file to the /tmp/rmrmg_ekg_url file. When EKG is run, the temporary symlink file is activated with the privileges of the user running EKG, resulting in a loss of integrity.

CVE-2005-1878 GIPTables Firewall Temp File IP Address Manipulation DoS

Timeline :

Vulnerability discovered by Eric Romang the 2005-05-22
Vendor notified the 2005-05-22
Vulnerability disclosure the 2005-06-06

Reference(s) :

CVE-2005-1878
OSVDB-17109

Affected version(s) :

GIPTables Firewall before or equal to v1.1

Description :

GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file.

CVE-2005-1879 LutelWall Symlink Arbitrary File Create/Overwrite

Timeline :

Vulnerability discovered by Eric Romang the 2005-05-22
Vendor notified the 2005-05-22
Vulnerability disclosure the 2005-06-06

Reference(s) :

CVE-2005-1879
OSVDB-17173

Affected version(s) :

LutelWall before or equal to 0.97

Description :

A vulnerability exists in a portion of LutelWall that looks for new versions. This vulnerability creates a temporary file with insecure permissions that, with creative use of symlinks, would allow an attacker to overwrite or create files with the privileges of the user that runs the update script. Because the update script is run as root, this could give the attacker the ability to create or overwrite nearly any file on the system.

CVE-2005-1880 everybuddy Symlink Arbitrary File Create/Overwrite

Timeline :

Vulnerability discovered by Eric Romang the 2005-05-30
Vendor notified the 2005-05-30
Vulnerability disclosure the 2005-06-06

Reference(s) :

CVE-2005-1880
OSVDB-17174

Affected version(s) :

everybuddy before or equal to 0.4.3

Description :

everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.