Vulnerabilities > CVE-2003-0014 - Unspecified vulnerability in BMV 1.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. For the stable distribution this problem has been fixed in version 1.2-14.2. For the unstable distribution this problem has been fixed in version 1.2-17.
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-633.NASL |
description | Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16130 |
published | 2005-01-12 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16130 |
title | Debian DSA-633-1 : bmv - insecure temporary file |
code |
|
References
- http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog
- http://secunia.com/advisories/13793
- http://secunia.com/advisories/13796
- http://securityfocus.org/bid/12229
- http://securitytracker.com/id?1012847
- http://www.debian.org/security/2005/dsa-633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18823