CVE-2005-2672 in LM_sensorsinfo

Summary

by MITRE

pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 06/29/2025

The vulnerability identified as CVE-2005-2672 affects the pwmconfig utility within LM_sensors version 2.9.1 and earlier, presenting a significant security risk through insecure temporary file creation practices. This flaw specifically targets the fancontrol temporary file handling mechanism that pwmconfig employs during its operation. The issue arises from the utility's failure to properly validate or secure temporary file creation processes, creating an environment where local attackers can exploit this weakness through symbolic link manipulation techniques. The vulnerability exists in the context of system administration tools that require elevated privileges to function properly, making it particularly dangerous in multi-user environments where privilege escalation opportunities may exist.

The technical flaw manifests when pwmconfig creates temporary files during its execution process, specifically during fan control configuration. The utility does not implement proper security measures such as creating temporary files with unique names or using secure file creation methods that prevent attackers from predicting or manipulating file paths. This insecure practice allows a local attacker to establish symbolic links with predictable names in the temporary directory, effectively creating a race condition where the attacker can control which file receives the data written by pwmconfig. The vulnerability falls under the category of insecure temporary file handling, which is classified as CWE-377, and more specifically relates to CWE-378, which deals with creation of temporary files with insecure permissions. The attack vector leverages the principle of privilege escalation through file system manipulation, where an attacker with local access can exploit the utility's behavior to overwrite arbitrary files on the system.

The operational impact of this vulnerability extends beyond simple file overwriting capabilities, as it represents a potential pathway for privilege escalation and system compromise. When pwmconfig runs with elevated privileges to configure hardware fan controls, an attacker who can manipulate the temporary file creation process gains the ability to modify critical system files, configuration files, or even executables that may be executed by the system. This creates a scenario where local users can potentially escalate their privileges to root level access, depending on the specific files targeted and the system configuration. The vulnerability is particularly concerning because it operates at the system administration level, where the tools are designed to interact with hardware components and often require root privileges to function correctly. The attack can be executed without requiring network access or special privileges beyond local login access, making it a persistent threat in environments where multiple users share the same system.

Mitigation strategies for CVE-2005-2672 focus on both immediate remediation and long-term security hardening approaches. The most direct solution involves upgrading to LM_sensors version 2.9.1 or later, where the insecure temporary file creation practices have been addressed through proper file handling mechanisms. System administrators should also implement additional security controls such as restricting write permissions on temporary directories, implementing proper file system permissions, and ensuring that system tools are regularly updated to address known vulnerabilities. The remediation process should include comprehensive system audits to identify and remove any existing symbolic links that may have been created by attackers, along with monitoring for unusual file modification patterns that could indicate exploitation attempts. This vulnerability demonstrates the importance of secure coding practices in system administration tools and aligns with ATT&CK technique T1068, which covers privilege escalation through local exploitation of system vulnerabilities. Organizations should also consider implementing principle of least privilege configurations and regular security assessments to identify similar insecure temporary file handling patterns in other system utilities and applications.

Reservation

08/23/2005

Disclosure

08/23/2005

Moderation

accepted

Entry

VDB-26131

CPE

ready

EPSS

0.00426

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!