3.0.11B7

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

angus-mackay

NVD

Published: 2003-12-31

Updated: 2008-09-05

Summary

ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.

Vulnerable Configurations

Part	Description	Count
Application	Angus_Mackay Angus Mackay EZ Ipupdate 3.0.11B5 Angus Mackay EZ Ipupdate 3.0.11B7	2

References

http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5
http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6