Vulnerabilities > CVE-2005-1759 - Unspecified vulnerability in Shtool

047910
CVSS 1.2 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
high complexity
shtool
nessus

Summary

Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751.

Vulnerable Configurations

Part Description Count
Application
Shtool
1

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200506-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200506-08 (GNU shtool, ocaml-mysql: Insecure temporary file creation) Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames (CAN-2005-1751). On closer inspection, Gentoo Security discovered that the shtool temporary file, once created, was being reused insecurely (CAN-2005-1759). Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a GNU shtool script is executed, this would result in the file being overwritten with the rights of the user running the script, which could be the root user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id18465
    published2005-06-11
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18465
    titleGLSA-200506-08 : GNU shtool, ocaml-mysql: Insecure temporary file creation
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-789.NASL
    descriptionSeveral security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. - CAN-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements.
    last seen2020-06-01
    modified2020-06-02
    plugin id19532
    published2005-08-30
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19532
    titleDebian DSA-789-1 : php4 - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-171-1.NASL
    descriptionCAN-2005-1751 : The php4-dev package ships a copy of the
    last seen2020-06-01
    modified2020-06-02
    plugin id20578
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20578
    titleUbuntu 4.10 / 5.04 : php4 vulnerabilities (USN-171-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6596BB80D02611D99AED000E0C2E438A.NASL
    descriptionA Zataz advisory reports that shtool contains a security flaw which could allow a malicious local user to create or overwrite the contents of arbitrary files. The attacker could fool a user into executing the arbitrary file possibly executing arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id18964
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18964
    titleFreeBSD : shtool -- insecure temporary file creation (6596bb80-d026-11d9-9aed-000e0c2e438a)