Vulnerabilities > CVE-2005-1751 - Unspecified vulnerability in Shtool
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN shtool
nessus
Summary
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2005-517.NASL description This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 18624 published 2005-07-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18624 title Fedora Core 3 : php-4.3.11-2.6 (2005-517) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-517. # include("compat.inc"); if (description) { script_id(18624); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_cve_id("CVE-2005-1921"); script_xref(name:"FEDORA", value:"2005-517"); script_name(english:"Fedora Core 3 : php-4.3.11-2.6 (2005-517)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-July/001031.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?55b9a7ea" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP XML-RPC Arbitrary Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-domxml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ncurses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2005/07/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"php-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-debuginfo-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-devel-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-domxml-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-gd-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-imap-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-ldap-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-mbstring-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-mysql-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-ncurses-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-odbc-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-pear-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-pgsql-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-snmp-4.3.11-2.6")) flag++; if (rpm_check(release:"FC3", reference:"php-xmlrpc-4.3.11-2.6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-debuginfo / php-devel / php-domxml / php-gd / php-imap / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-564.NASL description Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the last seen 2020-06-01 modified 2020-06-02 plugin id 18648 published 2005-07-08 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18648 title RHEL 3 / 4 : php (RHSA-2005:564) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:564. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(18648); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-1751", "CVE-2005-1921"); script_bugtraq_id(14088); script_xref(name:"RHSA", value:"2005:564"); script_name(english:"RHEL 3 / 4 : php (RHSA-2005:564)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. When using the default SELinux 'targeted' policy on Red Hat Enterprise Linux 4, the impact of this issue is reduced since the scripts executed by PHP are constrained within the httpd_sys_script_t security context. A race condition in temporary file handling was discovered in the shtool script installed by PHP. If a third-party PHP module which uses shtool was compiled as root, a local user may be able to modify arbitrary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1751" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1921" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:564" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP XML-RPC Arbitrary Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-domxml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ncurses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/25"); script_set_attribute(attribute:"patch_publication_date", value:"2005/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:564"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"php-4.3.2-24.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"php-devel-4.3.2-24.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"php-imap-4.3.2-24.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"php-ldap-4.3.2-24.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"php-mysql-4.3.2-24.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"php-odbc-4.3.2-24.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"php-pgsql-4.3.2-24.ent")) flag++; if (rpm_check(release:"RHEL4", reference:"php-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-devel-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-domxml-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-gd-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-imap-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-ldap-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-mbstring-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-mysql-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-ncurses-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-odbc-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-pear-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-pgsql-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-snmp-4.3.9-3.7")) flag++; if (rpm_check(release:"RHEL4", reference:"php-xmlrpc-4.3.9-3.7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc"); } }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200506-08.NASL description The remote host is affected by the vulnerability described in GLSA-200506-08 (GNU shtool, ocaml-mysql: Insecure temporary file creation) Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames (CAN-2005-1751). On closer inspection, Gentoo Security discovered that the shtool temporary file, once created, was being reused insecurely (CAN-2005-1759). Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a GNU shtool script is executed, this would result in the file being overwritten with the rights of the user running the script, which could be the root user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 18465 published 2005-06-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18465 title GLSA-200506-08 : GNU shtool, ocaml-mysql: Insecure temporary file creation NASL family Debian Local Security Checks NASL id DEBIAN_DSA-789.NASL description Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. - CAN-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements. last seen 2020-06-01 modified 2020-06-02 plugin id 19532 published 2005-08-30 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19532 title Debian DSA-789-1 : php4 - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-171-1.NASL description CAN-2005-1751 : The php4-dev package ships a copy of the last seen 2020-06-01 modified 2020-06-02 plugin id 20578 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20578 title Ubuntu 4.10 / 5.04 : php4 vulnerabilities (USN-171-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-564.NASL description Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the last seen 2020-06-01 modified 2020-06-02 plugin id 21841 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21841 title CentOS 3 / 4 : php (CESA-2005:564) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6596BB80D02611D99AED000E0C2E438A.NASL description A Zataz advisory reports that shtool contains a security flaw which could allow a malicious local user to create or overwrite the contents of arbitrary files. The attacker could fool a user into executing the arbitrary file possibly executing arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 18964 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18964 title FreeBSD : shtool -- insecure temporary file creation (6596bb80-d026-11d9-9aed-000e0c2e438a) NASL family Fedora Local Security Checks NASL id FEDORA_2005-518.NASL description This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Bug fixes for the dom, ldap, and gd extensions are also included in this update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 18625 published 2005-07-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18625 title Fedora Core 4 : php-5.0.4-10.3 (2005-518)
Oval
accepted 2005-09-21T01:33:00.000-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux description Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. family unix id oval:org.mitre.oval:def:345 status accepted submitted 2005-07-19T12:00:00.000-04:00 title shtool Race Condition version 4 accepted 2013-04-29T04:20:56.852-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. family unix id oval:org.mitre.oval:def:9639 status accepted submitted 2010-07-09T03:56:16-04:00 title Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. version 26
Redhat
| advisories |
| ||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-09-19 |
| organization | Red Hat |
| statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158995 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
References
- http://bugs.gentoo.org/show_bug.cgi?id=93782
- http://bugs.gentoo.org/show_bug.cgi?id=93782
- http://marc.info/?l=bugtraq&m=111955937622637&w=2
- http://marc.info/?l=bugtraq&m=111955937622637&w=2
- http://secunia.com/advisories/15496
- http://secunia.com/advisories/15496
- http://secunia.com/advisories/15668
- http://secunia.com/advisories/15668
- http://securitytracker.com/id?1014059
- http://securitytracker.com/id?1014059
- http://www.debian.org/security/2005/dsa-789
- http://www.debian.org/security/2005/dsa-789
- http://www.gentoo.org/security/en/glsa/glsa-200506-08.xml
- http://www.gentoo.org/security/en/glsa/glsa-200506-08.xml
- http://www.redhat.com/support/errata/RHSA-2005-564.html
- http://www.redhat.com/support/errata/RHSA-2005-564.html
- http://www.securityfocus.com/bid/13767
- http://www.securityfocus.com/bid/13767
- http://www.zataz.net/adviso/shtool-05252005.txt
- http://www.zataz.net/adviso/shtool-05252005.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A345
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A345
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9639
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9639