PT-2004-3588 · Imwheel · Imwheel
Published 2004-12-31 · Updated 2017-07-29 · CVE-2004-2698
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IMWheel versions 1.0.0pre11 and earlier
Description
A race condition exists in IMWheel when it is run with the -k option. It allows local users to cause a denial of service, potentially leading to a crash, and possibly to modify arbitrary files via a symlink attack on the imwheel.pid file.
Recommendations
For IMWheel versions 1.0.0pre11 and earlier, consider removing the -k option to prevent the race condition until a patch is available. As a temporary workaround, restrict access to the imwheel.pid file to minimize the risk of exploitation.
Exploit
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Imwheel