Vulnerabilities > CVE-2003-0193 - Local Insecure Temporary File Creation vulnerability in CatDoc XLSView
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-575.NASL |
| description | A temporary file problem has been discovered in xlsview from the catdoc suite, convertors from Word to TeX and plain text, which could lead to local users being able to overwrite arbitrary files via a symlink attack on predictable temporary file names. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15673 |
| published | 2004-11-10 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15673 |
| title | Debian DSA-575-1 : catdoc - insecure temporary file |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525
- http://secunia.com/advisories/13021/
- http://secunia.com/advisories/13022/
- http://www.debian.org/security/2004/dsa-575
- http://www.osvdb.org/11193
- http://www.securityfocus.com/bid/11560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16335