CVE-2005-4660

Name of the Vulnerable Software and Affected Versions IPCop (aka IPCop Firewall) versions prior to 1.4.10

Description A race condition issue exists that might allow local users to overwrite system configuration files and gain privileges. This occurs by replacing a backup archive during a specific time window when the archive is owned by "nobody" but not yet encrypted, and then executing ipcoprscfg to restore from this backup.

Recommendations For versions prior to 1.4.10, update to version 1.4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the ipcoprscfg command until a patch is applied.