Symlink Attack Vulnerability in Gentoo Webapp-Config
CVE-2005-1707

Currently unrated

Key Information:

Vendor: Gentoo
CVE Published: 24 May 2005

What is CVE-2005-1707?

The fn_show_postinst function in Gentoo's webapp-config prior to version 1.10-r14 is susceptible to a symlink attack that permits local users to overwrite arbitrary files. This vulnerability arises from inadequate handling of temporary files, specifically related to the postinst.txt file, which can be exploited by creating symbolic links that redirect file operations. As a result, unauthorized file modifications may occur, potentially compromising the integrity and security of the system.
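The temporary-file pattern described above, shown next to a hardened form. This is an added example, not code from webapp-config or from this advisory; the function names, the `shared` directory, the `victim.conf` stand-in and the exact location of `postinst.txt` are assumptions made for illustration, and everything runs inside a private sandbox directory.

```bash
#!/bin/bash
# Added example, not webapp-config's code. Function names, the "shared"
# directory and the victim file are hypothetical and constructed.

# Unsafe: fixed, predictable name in a directory other users can write to.
# The shell opens the path and follows any symlink already planted there,
# so the write truncates whatever file the link points at.
write_postinst_unsafe() {            # $1 = directory, $2 = text
    printf '%s\n' "$2" > "$1/postinst.txt"
}

# Hardened: mktemp creates a brand-new file (O_EXCL, mode 0600) under an
# unpredictable name, so no pre-planted link can sit at that path.
write_postinst_safe() {              # $1 = directory, $2 = text; prints the path
    local tmp
    tmp=$(mktemp "$1/postinst.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both writers inside a private sandbox and reports what happened to
# a stand-in for a sensitive file.
demo() {
    local box victim r1 r2
    box=$(mktemp -d) || return 1
    victim="$box/victim.conf"
    mkdir "$box/shared"
    printf 'original\n' > "$victim"
    ln -s "$victim" "$box/shared/postinst.txt"     # constructed planted link
    write_postinst_unsafe "$box/shared" "post-install notes"
    [ "$(cat "$victim")" = original ] && r1=intact || r1=clobbered
    printf 'original\n' > "$victim"                # reset before second run
    write_postinst_safe "$box/shared" "post-install notes" > /dev/null
    [ "$(cat "$victim")" = original ] && r2=intact || r2=clobbered
    rm -rf "$box"
    printf 'unsafe=%s safe=%s\n' "$r1" "$r2"
}

demo
```

A script that must run privileged is safer still when it keeps such files in a directory only its own user can write to, since that removes the shared location the link depends on.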

Timeline

  • Vulnerability published

  • Vulnerability Reserved
