| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Gentoo webapp-config 1.10. Affected by this issue is the function fn_show_postinst. Executing a manipulation can lead to symlink.
This vulnerability is tracked as CVE-2005-1707. Moreover, an exploit is present.
Upgrading the affected component is advised.
Details
A vulnerability has been found in Gentoo webapp-config 1.10 and classified as problematic. This vulnerability affects the function fn_show_postinst. The manipulation with an unknown input leads to a symlink vulnerability. The CWE definition for the vulnerability is CWE-61. The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
The bug was discovered 05/07/2005. The weakness was disclosed 05/22/2005 by Eric Romang (Website). The advisory is shared for download at securitytracker.com. This vulnerability was named CVE-2005-1707 since 05/24/2005. The exploitation appears to be easy. The attack needs to be approached locally. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known.
After even before and not, there has been an exploit disclosed. It is possible to download the exploit at zataz.net. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 15 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 18520 (GLSA-200506-13 : webapp-config: Insecure temporary file handling), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gentoo Local Security Checks.
Upgrading to version 1.10-r14 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (20671), Exploit-DB (25709), Tenable (18520), SecurityFocus (BID 13780†) and OSVDB (16746†). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.9
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: SymlinkCWE: CWE-61 / CWE-59
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 18520
Nessus Name: GLSA-200506-13 : webapp-config: Insecure temporary file handling
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 54965
OpenVAS Name: Gentoo Security Advisory GLSA 200506-13 (webapp-config)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: webapp-config 1.10-r14
Timeline
05/07/2005 🔍05/22/2005 🔍
05/22/2005 🔍
05/22/2005 🔍
05/22/2005 🔍
05/23/2005 🔍
05/23/2005 🔍
05/24/2005 🔍
05/24/2005 🔍
05/26/2005 🔍
06/17/2005 🔍
07/14/2009 🔍
03/11/2015 🔍
12/29/2024 🔍
Sources
Advisory: securitytracker.com⛔Researcher: Eric Romang
Status: Confirmed
CVE: CVE-2005-1707 (🔍)
GCVE (CVE): GCVE-0-2005-1707
GCVE (VulDB): GCVE-100-25312
X-Force: 20671
SecurityFocus: 13780 - Gentoo Webapp-Config Insecure File Creation Vulnerability
Secunia: 15445 - Gentoo webapp-config Insecure Temporary File Creation, Less Critical
OSVDB: 16746 - Gentoo webapp-config Temporary File Privilege Escalation
SecurityTracker: 1014027 - Gentoo webapp-config Unsafe Temporary File Lets Local Users Gain Elevated Privileges
Vulnerability Center: 22849 - Gentoo Linux Prior to 1.10-r14 Local Arbitrary File Overwrite Vulnerability via a Symlink Attack, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/11/2015 11:41Updated: 12/29/2024 12:46
Changes: 03/11/2015 11:41 (70), 02/11/2017 10:37 (18), 07/05/2021 09:10 (3), 12/29/2024 12:46 (15)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.