PT-2005-3951 · Antiword · Antiword

Javier Fernández-Sanguino Peña

Published

2005-12-31

Updated

2017-07-11

CVE-2005-3126

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions antiword versions 0.35 and earlier

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary output and error files used by the kantiword and gantiword scripts.

Recommendations For antiword versions 0.35 and earlier, consider restricting access to the kantiword and gantiword scripts until a patch is available. As a temporary workaround, avoid using these scripts with temporary files in untrusted environments to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2005-3126

DSA-945-1

Affected Products

Antiword

PT-2005-3951 · Antiword · Antiword

CVE-2005-3126

Weakness Enumeration

Related Identifiers

Affected Products

References · 10