Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-4691

imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.

Published

2005-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.1 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netbsd	netbsd	1.6	Yes
Operating System	netbsd	netbsd	1.6	Yes
Operating System	netbsd	netbsd	1.6.1	Yes
Operating System	netbsd	netbsd	1.6.2	Yes
Operating System	netbsd	netbsd	2.0	Yes
Operating System	netbsd	netbsd	2.0.1	Yes
Operating System	netbsd	netbsd	2.0.2	Yes

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-009.txt.asc ([email protected])
http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html ([email protected])
http://mail-index.netbsd.org/source-changes/2005/09/12/0043.html ([email protected])
http://securitytracker.com/id?1015132 Patch ([email protected])
http://www.osvdb.org/20731 Patch ([email protected])
http://www.securityfocus.com/bid/15263 Patch ([email protected])
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-009.txt.asc (af854a3a-2127-422b-91ae-364da2661108)
http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html (af854a3a-2127-422b-91ae-364da2661108)
http://mail-index.netbsd.org/source-changes/2005/09/12/0043.html (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015132 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/20731 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/15263 Patch (af854a3a-2127-422b-91ae-364da2661108)