| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.6 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in GNU Gnump3d up to 2.9.7. This impacts an unknown function. This manipulation causes link following. The identification of this vulnerability is CVE-2005-3349. There is no exploit available. You should upgrade the affected component.
Details
A vulnerability has been found in GNU Gnump3d up to 2.9.7 and classified as problematic. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a link following vulnerability. The CWE definition for the vulnerability is CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. As an impact it is known to affect confidentiality. The summary by CVE is:
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
The bug was discovered 11/18/2005. The weakness was shared 11/18/2005 (Website). It is possible to read the advisory at securityfocus.com. This vulnerability is known as CVE-2005-3349 since 10/27/2005. Attacking locally is a requirement. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 22767 (Debian DSA-901-1 : gnump3d - programming error), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l.
Upgrading to version 2.9.8 eliminates this vulnerability. A possible mitigation has been published 1 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (23116), Tenable (22767), SecurityFocus (BID 15497†), OSVDB (20939†) and Secunia (SA17647†). The entries VDB-26960, VDB-26771 and VDB-26770 are related to this item. Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.gnu.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.6
VulDB Base Score: 4.0
VulDB Temp Score: 3.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Link followingCWE: CWE-59
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 22767
Nessus Name: Debian DSA-901-1 : gnump3d - programming error
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 55888
OpenVAS Name: Debian Security Advisory DSA 901-1 (gnump3d)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Gnump3d 2.9.8
Timeline
10/27/2005 🔍11/04/2005 🔍
11/04/2005 🔍
11/18/2005 🔍
11/18/2005 🔍
11/18/2005 🔍
11/18/2005 🔍
11/19/2005 🔍
11/29/2005 🔍
10/14/2006 🔍
03/11/2015 🔍
06/11/2019 🔍
Sources
Vendor: gnu.orgAdvisory: securityfocus.com⛔
Status: Not defined
Confirmation: 🔍
CVE: CVE-2005-3349 (🔍)
GCVE (CVE): GCVE-0-2005-3349
GCVE (VulDB): GCVE-100-26959
X-Force: 23116
SecurityFocus: 15497 - GNU gnump3d Insecure Temporary File Creation Vulnerability
Secunia: 17647 - GNUMP3d Insecure Temporary File Creation and Directory Traversal, Moderately Critical
OSVDB: 20939 - CVE-2005-3349 - GNU - Gnump3d - Security Bypass Issue
Vulnerability Center: 9762 - GNU GNUmp3d Local Symlink Attack on index.lok Temporary File, Low
Vupen: ADV-2005-2489
See also: 🔍
Entry
Created: 03/11/2015 23:39Updated: 06/11/2019 20:35
Changes: 03/11/2015 23:39 (75), 06/11/2019 20:35 (8)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.

No comments yet. Languages: en.
Please log in to comment.