PT-2005-5324 · Ipcop · Ipcop
Juergen Schmidt · Published 2005-12-31 · Updated 2017-07-20 · CVE-2005-4659
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IPCop (aka IPCop Firewall) versions prior to 1.4.10
Description
The issue allows local users to potentially overwrite system configuration files and gain privileges. This is possible by creating a malicious encrypted backup archive owned by "nobody" and then executing ipcoprscfg to restore from this backup.
Recommendations
For versions prior to 1.4.10, update to version 1.4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup.key file to prevent local users from exploiting the world-readable permissions.
Affected Products
Ipcop