Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3785

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3785
Last Modified 07 Mar 2011 09:27:10
Published 23 Nov 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3785

Summary

Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.

Vulnerable Systems

Application

  • Gentoo Linux Eix 0.3


References

GENTOO - GLSA-200511-19

VUPEN - ADV-2005-2539

SECUNIA - 17699

MISC - http://bugs.gentoo.org/show_bug.cgi?id=112061

BID - 15541


Last Updated: 27 May 2016 10:41:02