PT-2005-5577 · Dhis · Dhis-Tools-Dns

Javier Fernández-Sanguino Peña

Published

1970-01-01

Updated

2017-07-11

CVE-2005-3341

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions dhis-tools-dns versions prior to 5.0

Description The issue affects the dhis-tools-dns package, allowing local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh scripts. This can lead to a violation of protected information integrity. The exploitation can be carried out by a local attacker.

Recommendations For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the register-q.sh and register-p.sh scripts until a patch is available. Avoid using these scripts in sensitive operations until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-02689

BDU:2015-02690

CVE-2005-3341

DSA-928-1

Affected Products

Dhis-Tools-Dns

PT-2005-5577 · Dhis · Dhis-Tools-Dns

CVE-2005-3341

Related Identifiers

Affected Products

References · 15