Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0851

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0851
Last Modified 05 Sep 2008 04:39:36
Published 08 Sep 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0851

Summary

The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Systems

Application

  • Ulrich Callmeier Net-acct 0.6

  • Ulrich Callmeier Net-acct 0.7

  • Ulrich Callmeier Net-acct 0.71


References

XF - net-acct-tmp-symlink(17283)

BID - 11125

DEBIAN - DSA-559

SECUNIA - 12476

BUGTRAQ - 20040908 Insecure Temporary File Creation Vulnerability in Net-Acct

CONFIRM - http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch


Last Updated: 27 May 2016 10:38:47