Vulnerabilities > CVE-2005-0119 - Local Security vulnerability in Helvis
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_BB99F8035FDE11D9B72100065BE4B5B6.NASL |
description | Once a recovery file has been preserved by the setuid root elvprsv utility it is placed in a worldreadable directory with worldreadable permissions. This possibly allows sensitive information to leak. In addition to this information leak, it is possible for users to recover files that belong to other users by using elvrec, another setuid root binary. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19099 |
published | 2005-07-13 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/19099 |
title | FreeBSD : helvis -- information leak vulnerabilities (bb99f803-5fde-11d9-b721-00065be4b5b6) |