Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0559

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0559
Last Modified 05 Sep 2008 04:38:45
Published 20 Oct 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0559

Summary

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

Vulnerable Systems

Operating System

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 9.2

  • Mandrakesoft Mandrake Linux Corporate Server 2.1

Application

  • Usermin 1.000

  • Usermin 1.010

  • Usermin 1.020

  • Usermin 1.030

  • Usermin 1.040

  • Usermin 1.051

  • Usermin 1.060

  • Usermin 1.070

  • Usermin 1.080

  • Webmin 1.0.00

  • Webmin 1.0.20

  • Webmin 1.0.50

  • Webmin 1.0.60

  • Webmin 1.0.70

  • Webmin 1.0.80

  • Webmin 1.0.90

  • Webmin 1.1.00

  • Webmin 1.1.10

  • Webmin 1.1.21

  • Webmin 1.1.30

  • Webmin 1.1.40

  • Webmin 1.1.50


References

XF - usermin-installation-unspecified(17299)

BID - 11153

GENTOO - GLSA-200409-15

SECUNIA - 12488

CONFIRM - http://www.webmin.com/uchanges-1.089.html


Last Updated: 27 May 2016 10:38:39