PT-2005-2680 · Gentoo · Webapp-Config
Eric Romang
·
Published
2005-05-24
·
Updated
2011-03-08
·
CVE-2005-1707
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Gentoo webapp-config versions prior to 1.10-r14
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file, specifically through the fn show postinst function.
Recommendations
For versions prior to 1.10-r14, update to version 1.10-r14 or later to resolve the issue. As a temporary workaround, consider restricting access to the fn show postinst function until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Webapp-Config