CVE-2005-2965
CVSSN/A
发布时间 :2005-10-12 09:04:00
修订时间 :2008-09-10 15:44:23
NMOPS    

[原文]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2005-4802 and CVE-2005-4803 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.


[CNNVD]CNNVD数据暂缺。


[机译]* REJECT **不要使用该候选号码。

- CVSS (基础分值)

CVSS暂不可用

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2965
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2965
(官方数据源) NVD

- 其它链接及资源

- 漏洞信息 (F40561)

Debian Linux Security Advisory 857-1 (PacketStormID:F40561)
2005-10-11 00:00:00
Debian  security.debian.org
advisory,arbitrary,local
linux,debian
CVE-2005-2965
[点击下载]

Debian Security Advisory DSA 857-1 - Javier Fernandez-Sanguino Pena discovered insecure tmporary file creation in graphviz, a rich set of graph drawing tools, that can be exploited to overwrite arbitrary files by a local attacker.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 857-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 10th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : graphviz
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CAN-2005-2965

Javier Fern    

- 漏洞信息

19891
Graphviz dotty.lefty Symlink Arbitrary File Overwrite
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-10 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Flexbackup Multiple Insecure Temporary File Creation Vulnerabilities
Design Error 15116
No Yes
2005-10-17 12:00:00 2007-01-09 06:21:00
Eric Romang is credited with the discovery of this vulnerability.

- 受影响的程序版本

Flexbackup Flexbackup 1.2.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

Flexbackup creates several temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

Flexbackup 1.2.1 and earlier versions are affected.

- 漏洞利用

No exploit is required.

- 解决方案

Please see the referenced advisories for more information.


Flexbackup Flexbackup 1.2.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站