Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0055

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-0055
Last Modified 05 Sep 2008 04:58:14
Published 11 Jan 2006 04:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0055

Summary

The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.

Vulnerable Systems

Operating System

  • Freebsd 4.10

  • Freebsd 4.11

  • Freebsd 5.0

  • Freebsd 5.1

  • Freebsd 5.2

  • Freebsd 5.2.1

  • Freebsd 5.3

  • Freebsd 5.4

  • Freebsd 6.0


References

BID - 16207

SECUNIA - 18404

FREEBSD - FreeBSD-SA-06:02

XF - ee-ispell-op-symlink(24074)

OSVDB - 22320

SECTRACK - 1015469


Last Updated: 27 May 2016 10:41:31