Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2698

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2004-2698
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2698

Summary

Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.

Vulnerable Systems

Application

  • Imwheel 1.0.0pre11


References

XF - imwheel-race-condition(17082)

BID - 11008

OSVDB - 9111

MISC - http://www.caughq.org/advisories/CAU-2004-0002.txt

SECTRACK - 1011049

SECUNIA - 12349

CONFIRM - http://imwheel.sourceforge.net/files/DEVELOPMENT.txt

FULLDISC - 20040820 CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition


Last Updated: 27 May 2016 10:39:35