Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0610

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-0610
Last Modified 05 Sep 2008 04:46:47
Published 12 Apr 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0610

Summary

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.

Vulnerable Systems

Operating System

  • Freebsd 4.0

  • Freebsd 4.1

  • Freebsd 4.1.1

  • Freebsd 4.10

  • Freebsd 4.11

  • Freebsd 4.2

  • Freebsd 4.3

  • Freebsd 4.4

  • Freebsd 4.5

  • Freebsd 4.6

  • Freebsd 4.6.2

  • Freebsd 4.7

  • Freebsd 4.8

  • Freebsd 4.9

  • Freebsd 5.0

  • Freebsd 5.1

  • Freebsd 5.2

  • Freebsd 5.2.1

  • Freebsd 5.3

  • Freebsd 5.4


References

MISC - http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html

SECUNIA - 14903

BID - 13106


Last Updated: 27 May 2016 10:39:52