Vulnerabilities > CVE-2005-1914 - Unspecified vulnerability in Centericq

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

centericq

nessus

NVD

Published: 2005-07-18

Updated: 2008-09-05

Summary

CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.

Vulnerable Configurations

Part	Description	Count
Application	Centericq Centericq Centericq 4.5.0.3 Centericq Centericq 4.5.1 Centericq Centericq 4.5.1.3 Centericq Centericq 4.6.0 Centericq Centericq 4.6.0.3 Centericq Centericq 4.6.5 Centericq Centericq 4.6.5.3 Centericq Centericq 4.6.9 Centericq Centericq 4.6.9.3 Centericq Centericq 4.7.1 Centericq Centericq 4.7.1.3 Centericq Centericq 4.7.2 Centericq Centericq 4.7.2.3 Centericq Centericq 4.7.7 Centericq Centericq 4.7.7.3 Centericq Centericq 4.7.8 Centericq Centericq 4.7.8.3 Centericq Centericq 4.8.0 Centericq Centericq 4.8.0.1 Centericq Centericq 4.8.2 Centericq Centericq 4.8.2.1 Centericq Centericq 4.8.3 Centericq Centericq 4.8.3.1 Centericq Centericq 4.8.4 Centericq Centericq 4.8.4.1 Centericq Centericq 4.8.5 Centericq Centericq 4.8.5.1 Centericq Centericq 4.8.6 Centericq Centericq 4.8.6.1 Centericq Centericq 4.8.7 Centericq Centericq 4.8.7.1 Centericq Centericq 4.8.8 Centericq Centericq 4.8.8.1 Centericq Centericq 4.8.9 Centericq Centericq 4.9.0 Centericq Centericq 4.9.0.1 Centericq Centericq 4.9.1 Centericq Centericq 4.9.1.1 Centericq Centericq 4.9.2 Centericq Centericq 4.9.2.1 Centericq Centericq 4.9.3 Centericq Centericq 4.9.3.1 Centericq Centericq 4.9.4 Centericq Centericq 4.9.4.1 Centericq Centericq 4.9.5 Centericq Centericq 4.9.5.1 Centericq Centericq 4.9.6 Centericq Centericq 4.9.6.1 Centericq Centericq 4.9.7 Centericq Centericq 4.9.7.1 Centericq Centericq 4.9.8 Centericq Centericq 4.9.9 Centericq Centericq 4.9.9.1 Centericq Centericq 4.9.10 Centericq Centericq 4.9.10.1 Centericq Centericq 4.9.11 Centericq Centericq 4.9.11.1 Centericq Centericq 4.9.12 Centericq Centericq 4.9.12.1 Centericq Centericq 4.10.0.1 Centericq Centericq 4.11.0.1 Centericq Centericq 4.12 Centericq Centericq 4.12.0.1 Centericq Centericq 4.13 Centericq Centericq 4.13.0.1 Centericq Centericq 4.14 Centericq Centericq 4.14.0.1 Centericq Centericq 4.20 Centericq Centericq 4.20.0.1	69

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-773.NASL
description	This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well.
last seen	2020-06-01
modified	2020-06-02
plugin id	57528
published	2012-01-12
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57528
title	Debian DSA-773-1 : amd64 - several vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-773. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57528); script_version("1.6"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2005-0392", "CVE-2005-0393", "CVE-2005-0469", "CVE-2005-0753", "CVE-2005-1151", "CVE-2005-1152", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1266", "CVE-2005-1269", "CVE-2005-1545", "CVE-2005-1546", "CVE-2005-1686", "CVE-2005-1689", "CVE-2005-1796", "CVE-2005-1848", "CVE-2005-1849", "CVE-2005-1850", "CVE-2005-1851", "CVE-2005-1852", "CVE-2005-1853", "CVE-2005-1858", "CVE-2005-1914", "CVE-2005-1916", "CVE-2005-1922", "CVE-2005-1923", "CVE-2005-1934", "CVE-2005-1992", "CVE-2005-1993", "CVE-2005-2024", "CVE-2005-2040", "CVE-2005-2056", "CVE-2005-2070", "CVE-2005-2096", "CVE-2005-2231", "CVE-2005-2250", "CVE-2005-2277", "CVE-2005-2301", "CVE-2005-2302", "CVE-2005-2370"); script_xref(name:"DSA", value:"773"); script_name(english:"Debian DSA-773-1 : amd64 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-773" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected several package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:several"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/12"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"affix", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"centericq", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-common", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-fribidi", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-utf8", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"crip", reference:"3.5-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"cvs", reference:"1.11.1p1debian-11")) flag++; if (deb_check(release:"3.1", prefix:"dhcpcd", reference:"1.3.22pl4-21sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ekg", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"ettercap", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ettercap-common", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ettercap-gtk", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"fuse-utils", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"gaim", reference:"1.2.1-1.4")) flag++; if (deb_check(release:"3.1", prefix:"gaim-dev", reference:"1.2.1-1.4")) flag++; if (deb_check(release:"3.1", prefix:"gedit", reference:"2.8.3-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"gopher", reference:"3.0.7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heartbeat", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"heartbeat-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-clients", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-clients-x", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-dev", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-kdc", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-servers", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-servers-x", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ht", reference:"0.8.0-2sarge4")) flag++; if (deb_check(release:"3.1", prefix:"krb5-admin-server", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-clients", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-ftpd", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-kdc", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-rsh-server", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-telnetd", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-user", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libaffix-dev", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"libaffix2", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"libasn1-6-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"libdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libfuse-dev", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libfuse2", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libgadu-dev", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"libgadu3", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"libgdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libgssapi1-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libhdb7-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkadm55", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libkadm5clnt4-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkadm5srv7-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkafs0-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkrb5-17-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkrb5-dev", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libkrb53", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libopenssl-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libpils-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libpils0", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libreadline-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libruby1.8-dbg", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libstonith-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libstonith0", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libtcltk-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-geo", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-ldap", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-mysql", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-pgsql", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-pipe", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-sqlite", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-recursor", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-server", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ppxp", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-dev", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-tcltk", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-x11", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"qpopper", reference:"4.0.5-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"qpopper-drac", reference:"4.0.5-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"razor", reference:"2.670-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ruby1.8-dev", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"spamc", reference:"3.0.3-2")) flag++; if (deb_check(release:"3.1", prefix:"stonith", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"sudo", reference:"1.6.8p7-1.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"zlib-bin", reference:"1.2.2-4.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"zlib1g", reference:"1.2.2-4.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"zlib1g-dev", reference:"1.2.2-4.sarge.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-754.NASL
description	Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers.
last seen	2020-06-01
modified	2020-06-02
plugin id	19188
published	2005-07-13
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19188
title	Debian DSA-754-1 : centericq - insecure temporary file

Summary

Vulnerable Configurations

Nessus

References