1.2.5

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

log4sh

NVD

Published: 2005-09-02

Updated: 2011-03-08

Summary

The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.

Vulnerable Configurations

Part	Description	Count
Application	Log4Sh Log4Sh Log4Sh 1.2.3 Log4Sh Log4Sh 1.2.4 Log4Sh Log4Sh 1.2.5	3

References

http://archives.neohapsis.com/archives/vulnwatch/2005-q3/0001.html
http://bugs.gentoo.org/show_bug.cgi?id=94069
http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/034873.html
http://secunia.com/advisories/15899
http://www.securityfocus.com/bid/14140
http://www.vupen.com/english/advisories/2005/0957
http://www.zataz.net/adviso/log4sh-06092005.txt