PT-2005-3109 · Gnu · Gnats

Pi3Ki31Ny

Published

2005-07-10

Updated

2016-10-18

CVE-2005-2180

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: GNATS versions 4.0 through 4.1.0 GNATS versions prior to 4.0

Description: The issue arises from improper file checking in the gen-index component when installed setuid, allowing local users to overwrite arbitrary files by exploiting the -o argument. This enables write access to files that should be restricted.

Recommendations: For GNATS versions 4.0 through 4.1.0, consider restricting the use of the gen-index component when installed setuid to minimize the risk of exploitation. For GNATS versions prior to 4.0, restrict the use of the gen-index component when installed setuid to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2180

Affected Products

Gnats

PT-2005-3109 · Gnu · Gnats

CVE-2005-2180

Related Identifiers

Affected Products

References · 4