Symlink Vulnerability in Ebuild IndeX (eix) by Gentoo
CVE-2005-3785

Currently unrated

Key Information:

Vendor

Gentoo

Status
Linux Eix
Vendor
CVE Published:
23 November 2005

What is CVE-2005-3785?

A second-order symlink vulnerability exists in the eix-sync.in script of the Ebuild IndeX (eix) application, impacting versions before 0.5.0_pre2. This flaw enables local users to exploit symlink attacks, potentially leading to arbitrary file overwrites through manipulation of the temporary exi.X.sync file processed by the diff-eix program. As a result, sensitive files may be compromised, resulting in unauthorized access or modification.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/17699
third-party-advisoryx_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200511-19.xml
vendor-advisoryx_refsource_GENTOO
http://www.vupen.com/english/advisories/2005/2539
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.