Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1915

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-1915
Last Modified 07 Mar 2011 09:23:05
Published 02 Sep 2005 01:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1915

Summary

The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.

Vulnerable Systems

Application

  • Log4sh 1.2.3

  • Log4sh 1.2.4

  • Log4sh 1.2.5


References

BID - 14140

MISC - http://www.zataz.net/adviso/log4sh-06092005.txt

VUPEN - ADV-2005-0957

SECUNIA - 15899

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=94069

FULLDISC - 20050704 log4sh insecure temporary file creation

VULNWATCH - 20050705 log4sh insecure temporary file creation


Last Updated: 27 May 2016 10:40:20