CVE-2005-2672

Name of the Vulnerable Software and Affected Versions lm-sensors versions prior to 2.9.1 libsensors3 (affected versions not specified) libsensors-dev (affected versions not specified) lm-sensors-2.4.27-2-386 (affected versions not specified) lm-sensors-2.4.27-2-586tsc (affected versions not specified) lm-sensors-2.4.27-2-686 (affected versions not specified) lm-sensors-2.4.27-2-686-smp (affected versions not specified) lm-sensors-2.4.27-2-k6 (affected versions not specified) lm-sensors-2.4.27-2-k7 (affected versions not specified) lm-sensors-2.4.27-2-k7-smp (affected versions not specified) kernel-patch-2.4-lm-sensors (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the lm-sensors package of the Debian GNU/Linux operating system, which can lead to the compromise of protected information. These vulnerabilities can be exploited by a local attacker. Specifically, the pwmconfig in LM sensors before version 2.9.1 creates temporary files insecurely, allowing local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.

Recommendations For lm-sensors versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue. For libsensors3, libsensors-dev, lm-sensors-2.4.27-2-386, lm-sensors-2.4.27-2-586tsc, lm-sensors-2.4.27-2-686, lm-sensors-2.4.27-2-686-smp, lm-sensors-2.4.27-2-k6, lm-sensors-2.4.27-2-k7, lm-sensors-2.4.27-2-k7-smp, and kernel-patch-2.4-lm-sensors, at the moment, there is no information about a newer version that contains a fix for this vulnerability.