Vulnerabilities > CVE-2005-1759 - Unspecified vulnerability in Shtool
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200506-08.NASL description The remote host is affected by the vulnerability described in GLSA-200506-08 (GNU shtool, ocaml-mysql: Insecure temporary file creation) Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames (CAN-2005-1751). On closer inspection, Gentoo Security discovered that the shtool temporary file, once created, was being reused insecurely (CAN-2005-1759). Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a GNU shtool script is executed, this would result in the file being overwritten with the rights of the user running the script, which could be the root user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 18465 published 2005-06-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18465 title GLSA-200506-08 : GNU shtool, ocaml-mysql: Insecure temporary file creation NASL family Debian Local Security Checks NASL id DEBIAN_DSA-789.NASL description Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. - CAN-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements. last seen 2020-06-01 modified 2020-06-02 plugin id 19532 published 2005-08-30 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19532 title Debian DSA-789-1 : php4 - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-171-1.NASL description CAN-2005-1751 : The php4-dev package ships a copy of the last seen 2020-06-01 modified 2020-06-02 plugin id 20578 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20578 title Ubuntu 4.10 / 5.04 : php4 vulnerabilities (USN-171-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6596BB80D02611D99AED000E0C2E438A.NASL description A Zataz advisory reports that shtool contains a security flaw which could allow a malicious local user to create or overwrite the contents of arbitrary files. The attacker could fool a user into executing the arbitrary file possibly executing arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 18964 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18964 title FreeBSD : shtool -- insecure temporary file creation (6596bb80-d026-11d9-9aed-000e0c2e438a)