Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4536

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-4536
Last Modified 07 Mar 2011 09:28:27
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4536

Summary

Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.

Vulnerable Systems

Application

  • Debian Libmail-audit-perl 2.1-5


References

XF - perl-mail-audit-symlink(24380)

VUPEN - ADV-2006-0378

DEBIAN - DSA-960

SECUNIA - 18656

SECUNIA - 18652

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029

BID - 16434


Last Updated: 27 May 2016 10:41:20