Symlink Vulnerability in Ebuild IndeX (eix) by Gentoo
CVE-2005-3785

Currently unrated

Key Information:

Vendor: Gentoo
Status: Linux Eix
Vendor: CVE Published:; 23 November 2005

What is CVE-2005-3785?

A second-order symlink vulnerability exists in the eix-sync.in script of the Ebuild IndeX (eix) application, impacting versions before 0.5.0_pre2. This flaw enables local users to exploit symlink attacks, potentially leading to arbitrary file overwrites through manipulation of the temporary exi.X.sync file processed by the diff-eix program. As a result, sensitive files may be compromised, resulting in unauthorized access or modification.

References

http://secunia.com/advisories/17699

third-party-advisoryx_refsource_SECUNIA

http://www.gentoo.org/security/en/glsa/glsa-200511-19.xml

vendor-advisoryx_refsource_GENTOO

http://www.vupen.com/english/advisories/2005/2539

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2005
Vulnerability Reserved
Nov 23, 2005