Vulnerabilities > CVE-2005-0070 - Local File Disclosure vulnerability in Synaesthesia

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
synaesthesia
nessus
NVD
Published: 2005-05-02
Updated: 2008-09-05

Summary

Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.

Vulnerable Configurations

Part Description Count
Application
Synaesthesia
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-681.NASL
descriptionErik Sjolund and Devin Carraway discovered that synaesthesia, a program for representing sounds visually, accesses user-controlled configuration and mixer files with elevated privileges. Thus, it is possible to read arbitrary files.
last seen2020-06-01
modified2020-06-02
plugin id16457
published2005-02-15
reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16457
titleDebian DSA-681-1 : synaesthesia - privilege escalation
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-681. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16457);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2005-0070");
  script_xref(name:"DSA", value:"681");

  script_name(english:"Debian DSA-681-1 : synaesthesia - privilege escalation");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Erik Sjolund and Devin Carraway discovered that synaesthesia, a
program for representing sounds visually, accesses user-controlled
configuration and mixer files with elevated privileges. Thus, it is
possible to read arbitrary files."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-681"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the synaesthesia package.

For the stable distribution (woody) this problem has been fixed in
version 2.1-2.1woody3."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:synaesthesia");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/02/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/15");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"synaesthesia", reference:"2.1-2.1woody3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References