CVE-2005-1751 - Unspecified vulnerability in Shtool

CVSS 3.7 - LOW
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: local, high complexity, shtool, nessus

Summary

Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.

Vulnerable Configurations

Part         Description  Count
Application  Shtool       1

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-517.NASL
    description: This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18624
    published: 2005-07-06
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18624
    title: Fedora Core 3 : php-4.3.11-2.6 (2005-517)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-517.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18624);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:24");
    
      script_cve_id("CVE-2005-1921");
      script_xref(name:"FEDORA", value:"2005-517");
    
      script_name(english:"Fedora Core 3 : php-4.3.11-2.6 (2005-517)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
    security issue in the XML_RPC server implementation. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2005-1921 to this issue.
    
    The bundled version of shtool is also updated, to fix some temporary
    file handling races. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-July/001031.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?55b9a7ea"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'PHP XML-RPC Arbitrary Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-domxml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC3", reference:"php-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-debuginfo-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-devel-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-domxml-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-gd-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-imap-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-ldap-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-mbstring-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-mysql-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-ncurses-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-odbc-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-pear-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-pgsql-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-snmp-4.3.11-2.6")) flag++;
    if (rpm_check(release:"FC3", reference:"php-xmlrpc-4.3.11-2.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-debuginfo / php-devel / php-domxml / php-gd / php-imap / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-564.NASL
    description: Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18648
    published: 2005-07-08
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18648
    title: RHEL 3 / 4 : php (RHSA-2005:564)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:564. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18648);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-1751", "CVE-2005-1921");
      script_bugtraq_id(14088);
      script_xref(name:"RHSA", value:"2005:564");
    
      script_name(english:"RHEL 3 / 4 : php (RHSA-2005:564)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated PHP packages that fix two security issues are now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP Web server.
    
    A bug was discovered in the PEAR XML-RPC Server package included in
    PHP. If a PHP script is used which implements an XML-RPC Server using
    the PEAR XML-RPC package, then it is possible for a remote attacker to
    construct an XML-RPC request which can cause PHP to execute arbitrary
    PHP commands as the 'apache' user. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921
    to this issue.
    
    When using the default SELinux 'targeted' policy on Red Hat Enterprise
    Linux 4, the impact of this issue is reduced since the scripts
    executed by PHP are constrained within the httpd_sys_script_t security
    context.
    
    A race condition in temporary file handling was discovered in the
    shtool script installed by PHP. If a third-party PHP module which uses
    shtool was compiled as root, a local user may be able to modify
    arbitrary files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue.
    
    Users of PHP should upgrade to these updated packages, which contain
    backported fixes for these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:564"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'PHP XML-RPC Arbitrary Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-domxml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/07/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:564";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"php-4.3.2-24.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-devel-4.3.2-24.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-imap-4.3.2-24.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-ldap-4.3.2-24.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-mysql-4.3.2-24.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-odbc-4.3.2-24.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-pgsql-4.3.2-24.ent")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"php-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-devel-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-domxml-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-gd-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-imap-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-ldap-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-mbstring-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-mysql-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-ncurses-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-odbc-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-pear-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-pgsql-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-snmp-4.3.9-3.7")) flag++;
      if (rpm_check(release:"RHEL4", reference:"php-xmlrpc-4.3.9-3.7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc");
      }
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200506-08.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200506-08 (GNU shtool, ocaml-mysql: Insecure temporary file creation) Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames (CAN-2005-1751). On closer inspection, Gentoo Security discovered that the shtool temporary file, once created, was being reused insecurely (CAN-2005-1759). Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a GNU shtool script is executed, this would result in the file being overwritten with the rights of the user running the script, which could be the root user. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18465
    published: 2005-06-11
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18465
    title: GLSA-200506-08 : GNU shtool, ocaml-mysql: Insecure temporary file creation
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-789.NASL
    description: Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can be exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. - CAN-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19532
    published: 2005-08-30
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19532
    title: Debian DSA-789-1 : php4 - several vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-171-1.NASL
    description: CAN-2005-1751 : The php4-dev package ships a copy of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20578
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20578
    title: Ubuntu 4.10 / 5.04 : php4 vulnerabilities (USN-171-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-564.NASL
    description: Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21841
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21841
    title: CentOS 3 / 4 : php (CESA-2005:564)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_6596BB80D02611D99AED000E0C2E438A.NASL
    description: A Zataz advisory reports that shtool contains a security flaw which could allow a malicious local user to create or overwrite the contents of arbitrary files. The attacker could fool a user into executing the arbitrary file possibly executing arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18964
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18964
    title: FreeBSD : shtool -- insecure temporary file creation (6596bb80-d026-11d9-9aed-000e0c2e438a)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-518.NASL
    description: This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Bug fixes for the dom, ldap, and gd extensions are also included in this update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18625
    published: 2005-07-06
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18625
    title: Fedora Core 4 : php-5.0.4-10.3 (2005-518)

Oval

  • accepted: 2005-09-21T01:33:00.000-04:00
    class: vulnerability
    contributors:
    • name: Jay Beale
      organization: Bastille Linux
    description: Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
    family: unix
    id: oval:org.mitre.oval:def:345
    status: accepted
    submitted: 2005-07-19T12:00:00.000-04:00
    title: shtool Race Condition
    version: 4
  • accepted: 2013-04-29T04:20:56.852-04:00
    class: vulnerability
    contributors:
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions:
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
      oval: oval:org.mitre.oval:def:11782
    • comment: CentOS Linux 3.x
      oval: oval:org.mitre.oval:def:16651
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
      oval: oval:org.mitre.oval:def:11831
    • comment: CentOS Linux 4.x
      oval: oval:org.mitre.oval:def:16636
    • comment: Oracle Linux 4.x
      oval: oval:org.mitre.oval:def:15990
    description: Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
    family: unix
    id: oval:org.mitre.oval:def:9639
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
    version: 26

Redhat

advisories:
  rhsa:
    id: RHSA-2005:564
rpms:
  • php-0:4.3.2-24.ent
  • php-0:4.3.9-3.7
  • php-debuginfo-0:4.3.2-24.ent
  • php-debuginfo-0:4.3.9-3.7
  • php-devel-0:4.3.2-24.ent
  • php-devel-0:4.3.9-3.7
  • php-domxml-0:4.3.9-3.7
  • php-gd-0:4.3.9-3.7
  • php-imap-0:4.3.2-24.ent
  • php-imap-0:4.3.9-3.7
  • php-ldap-0:4.3.2-24.ent
  • php-ldap-0:4.3.9-3.7
  • php-mbstring-0:4.3.9-3.7
  • php-mysql-0:4.3.2-24.ent
  • php-mysql-0:4.3.9-3.7
  • php-ncurses-0:4.3.9-3.7
  • php-odbc-0:4.3.2-24.ent
  • php-odbc-0:4.3.9-3.7
  • php-pear-0:4.3.9-3.7
  • php-pgsql-0:4.3.2-24.ent
  • php-pgsql-0:4.3.9-3.7
  • php-snmp-0:4.3.9-3.7
  • php-xmlrpc-0:4.3.9-3.7

Statements

contributor: Mark J Cox
lastmodified: 2006-09-19
organization: Red Hat
statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158995 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/