Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4534

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4534
Last Modified 05 Sep 2008 04:57:09
Published 27 Dec 2005 09:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4534

Summary

The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.10

  • Mozilla Bugzilla 2.12

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.14.1

  • Mozilla Bugzilla 2.14.2

  • Mozilla Bugzilla 2.14.3

  • Mozilla Bugzilla 2.14.4

  • Mozilla Bugzilla 2.14.5

  • Mozilla Bugzilla 2.16

  • Mozilla Bugzilla 2.16.1

  • Mozilla Bugzilla 2.16.10

  • Mozilla Bugzilla 2.16.2

  • Mozilla Bugzilla 2.16.3

  • Mozilla Bugzilla 2.16.4

  • Mozilla Bugzilla 2.16.5

  • Mozilla Bugzilla 2.16.6

  • Mozilla Bugzilla 2.16.7

  • Mozilla Bugzilla 2.16.8

  • Mozilla Bugzilla 2.16.9

  • Mozilla Bugzilla 2.9


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=305353

BID - 16061

SECTRACK - 1015411

SECUNIA - 18218

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387

BUGTRAQ - 20051228 [BUGZILLA] Security advisory for Bugzilla < 2.16.11

XF - bugzilla-syncshadowdb-symlink(23863)

DEBIAN - DSA-1208

SREASON - 302

SECUNIA - 22826


Last Updated: 27 May 2016 10:41:20