Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2991

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-2991
Last Modified 05 Sep 2008 04:53:10
Published 20 Sep 2005 04:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2991

Summary

ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.

Vulnerable Systems

Application

  • Ncompress 4.2.4 R1


References

MISC - http://www.zataz.net/adviso/ncompress-09052005.txt

FULLDISC - 20050916 ncompress insecure temporary file creation

SREASON - 12


Last Updated: 27 May 2016 10:40:42