Vulnerabilities > CVE-2005-2672 - Unspecified vulnerability in LM Sensors LM Sensors

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
lm-sensors
nessus

Summary

pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-825.NASL
    descriptionUpdated lm_sensors packages that fix an insecure file issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. This package requires special support which is not in standard version 2.2 kernels. A bug was found in the way the pwmconfig tool creates temporary files. It is possible that a local attacker could leverage this flaw to overwrite arbitrary files located on the system. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21968
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21968
    titleCentOS 4 : lm_sensors (CESA-2005:825)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:825 and 
    # CentOS Errata and Security Advisory 2005:825 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21968);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2005-2672");
      script_xref(name:"RHSA", value:"2005:825");
    
      script_name(english:"CentOS 4 : lm_sensors (CESA-2005:825)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated lm_sensors packages that fix an insecure file issue are now
    available.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    The lm_sensors package includes a collection of modules for general
    SMBus access and hardware monitoring. This package requires special
    support which is not in standard version 2.2 kernels.
    
    A bug was found in the way the pwmconfig tool creates temporary files.
    It is possible that a local attacker could leverage this flaw to
    overwrite arbitrary files located on the system. The Common
    Vulnerabilities and Exposures project has assigned the name
    CVE-2005-2672 to this issue.
    
    Users of lm_sensors are advised to upgrade to these updated packages,
    which contain a backported patch that resolves this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-November/012396.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3485033f"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-November/012397.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cd6fd687"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lm_sensors packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:lm_sensors");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:lm_sensors-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"lm_sensors-2.8.7-2.40.3")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"lm_sensors-2.8.7-2.40.3")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"lm_sensors-devel-2.8.7-2.40.3")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"lm_sensors-devel-2.8.7-2.40.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lm_sensors / lm_sensors-devel");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-814.NASL
    descriptionJavier Fernandez-Sanguino Pena discovered that a script of lm-sensors, utilities to read temperature/voltage/fan sensors, creates a temporary file with a predictable filename, leaving it vulnerable for a symlink attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id19710
    published2005-09-17
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19710
    titleDebian DSA-814-1 : lm-sensors - insecure temporary file
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-814. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19710);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2005-2672");
      script_xref(name:"DSA", value:"814");
    
      script_name(english:"Debian DSA-814-1 : lm-sensors - insecure temporary file");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Javier Fernandez-Sanguino Pena discovered that a script of
    lm-sensors, utilities to read temperature/voltage/fan sensors, creates
    a temporary file with a predictable filename, leaving it vulnerable
    for a symlink attack."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-814"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the lm-sensors package.
    
    The old stable distribution (woody) is not affected by this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.9.1-1sarge2."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lm-sensors");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/09/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/17");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"kernel-patch-2.4-lm-sensors", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"libsensors-dev", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"libsensors3", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-2-386", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-2-586tsc", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-2-686", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-2-686-smp", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-2-k6", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-2-k7", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-2-k7-smp", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"lm-sensors-source", reference:"2.9.1-1sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"sensord", reference:"2.9.1-1sarge2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-1053.NASL
    descriptionThe lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. NOTE: this package requires special support which is not in standard 2.2-vintage kernels. A bug was found in the pwmconfig tool which uses temporary files in an insecure manner. The pwconfig tool writes a configuration file which may be world readable for a short period of time. This file contains various information about the setup of lm_sensors on that machine. It could be modified within the short window to contain configuration data that would either render lm_sensors unusable or in the worst case even hang the machine resulting in a DoS. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a patch which resolves this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20165
    published2005-11-08
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20165
    titleFedora Core 4 : lm_sensors-2.9.1-3.FC4.1 (2005-1053)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1053.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20165);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2005-2672");
      script_xref(name:"FEDORA", value:"2005-1053");
    
      script_name(english:"Fedora Core 4 : lm_sensors-2.9.1-3.FC4.1 (2005-1053)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The lm_sensors package includes a collection of modules for general
    SMBus access and hardware monitoring. NOTE: this package requires
    special support which is not in standard 2.2-vintage kernels.
    
    A bug was found in the pwmconfig tool which uses temporary files in an
    insecure manner. The pwconfig tool writes a configuration file which
    may be world readable for a short period of time. This file contains
    various information about the setup of lm_sensors on that machine. It
    could be modified within the short window to contain configuration
    data that would either render lm_sensors unusable or in the worst case
    even hang the machine resulting in a DoS. The Common Vulnerabilities
    and Exposures project has assigned the name CVE-2005-2672 to this
    issue.
    
    Users of lm_sensors are advised to upgrade to these updated packages,
    which contain a patch which resolves this issue.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-November/001547.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e4cca6e6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected lm_sensors, lm_sensors-debuginfo and / or
    lm_sensors-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lm_sensors");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lm_sensors-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lm_sensors-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC4", reference:"lm_sensors-2.9.1-3.FC4.1")) flag++;
    if (rpm_check(release:"FC4", reference:"lm_sensors-debuginfo-2.9.1-3.FC4.1")) flag++;
    if (rpm_check(release:"FC4", reference:"lm_sensors-devel-2.9.1-3.FC4.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lm_sensors / lm_sensors-debuginfo / lm_sensors-devel");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-149.NASL
    descriptionJavier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root. The updated packages have been patched to correct this problem by using mktemp to create the temporary files.
    last seen2020-06-01
    modified2020-06-02
    plugin id19905
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19905
    titleMandrake Linux Security Advisory : lm_sensors (MDKSA-2005:149)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:149. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19905);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2005-2672");
      script_xref(name:"MDKSA", value:"2005:149");
    
      script_name(english:"Mandrake Linux Security Advisory : lm_sensors (MDKSA-2005:149)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in
    the lm_sensors package created temporary files in an insecure manner.
    This could allow a symlink attack to create or overwrite arbitrary
    files with full root privileges because pwmconfig is typically
    executed by root.
    
    The updated packages have been patched to correct this problem by
    using mktemp to create the temporary files."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64lm_sensors3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64lm_sensors3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64lm_sensors3-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:liblm_sensors3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:liblm_sensors3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:liblm_sensors3-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lm_sensors");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64lm_sensors3-2.8.4-2.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64lm_sensors3-devel-2.8.4-2.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64lm_sensors3-static-devel-2.8.4-2.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"liblm_sensors3-2.8.4-2.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"liblm_sensors3-devel-2.8.4-2.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"liblm_sensors3-static-devel-2.8.4-2.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"lm_sensors-2.8.4-2.1.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64lm_sensors3-2.8.7-7.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64lm_sensors3-devel-2.8.7-7.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64lm_sensors3-static-devel-2.8.7-7.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"liblm_sensors3-2.8.7-7.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"liblm_sensors3-devel-2.8.7-7.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"liblm_sensors3-static-devel-2.8.7-7.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"lm_sensors-2.8.7-7.1.101mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64lm_sensors3-2.9.0-4.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64lm_sensors3-devel-2.9.0-4.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64lm_sensors3-static-devel-2.9.0-4.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"liblm_sensors3-2.9.0-4.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"liblm_sensors3-devel-2.9.0-4.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"liblm_sensors3-static-devel-2.9.0-4.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"lm_sensors-2.9.0-4.1.102mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-825.NASL
    descriptionUpdated lm_sensors packages that fix an insecure file issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. This package requires special support which is not in standard version 2.2 kernels. A bug was found in the way the pwmconfig tool creates temporary files. It is possible that a local attacker could leverage this flaw to overwrite arbitrary files located on the system. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id20205
    published2005-11-15
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20205
    titleRHEL 4 : lm_sensors (RHSA-2005:825)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:825. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20205);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-2672");
      script_xref(name:"RHSA", value:"2005:825");
    
      script_name(english:"RHEL 4 : lm_sensors (RHSA-2005:825)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated lm_sensors packages that fix an insecure file issue are now
    available.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    The lm_sensors package includes a collection of modules for general
    SMBus access and hardware monitoring. This package requires special
    support which is not in standard version 2.2 kernels.
    
    A bug was found in the way the pwmconfig tool creates temporary files.
    It is possible that a local attacker could leverage this flaw to
    overwrite arbitrary files located on the system. The Common
    Vulnerabilities and Exposures project has assigned the name
    CVE-2005-2672 to this issue.
    
    Users of lm_sensors are advised to upgrade to these updated packages,
    which contain a backported patch that resolves this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-2672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:825"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lm_sensors and / or lm_sensors-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:lm_sensors");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:lm_sensors-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:825";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"lm_sensors-2.8.7-2.40.3")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"lm_sensors-2.8.7-2.40.3")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"lm_sensors-devel-2.8.7-2.40.3")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"lm_sensors-devel-2.8.7-2.40.3")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lm_sensors / lm_sensors-devel");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-1054.NASL
    descriptionThe lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. NOTE: this package requires special support which is not in standard 2.2-vintage kernels. A bug was found in the pwmconfig tool which uses temporary files in an insecure manner. The pwconfig tool writes a configuration file which may be world readable for a short period of time. This file contains various information about the setup of lm_sensors on that machine. It could be modified within the short window to contain configuration data that would either render lm_sensors unusable or in the worst case even hang the machine resulting in a DoS. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a patch which resolves this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20166
    published2005-11-08
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20166
    titleFedora Core 3 : lm_sensors-2.8.7-2.FC3.1 (2005-1054)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1054.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20166);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2005-2672");
      script_xref(name:"FEDORA", value:"2005-1054");
    
      script_name(english:"Fedora Core 3 : lm_sensors-2.8.7-2.FC3.1 (2005-1054)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The lm_sensors package includes a collection of modules for general
    SMBus access and hardware monitoring. NOTE: this package requires
    special support which is not in standard 2.2-vintage kernels.
    
    A bug was found in the pwmconfig tool which uses temporary files in an
    insecure manner. The pwconfig tool writes a configuration file which
    may be world readable for a short period of time. This file contains
    various information about the setup of lm_sensors on that machine. It
    could be modified within the short window to contain configuration
    data that would either render lm_sensors unusable or in the worst case
    even hang the machine resulting in a DoS. The Common Vulnerabilities
    and Exposures project has assigned the name CVE-2005-2672 to this
    issue.
    
    Users of lm_sensors are advised to upgrade to these updated packages,
    which contain a patch which resolves this issue.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-November/001548.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3b21dc4c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected lm_sensors, lm_sensors-debuginfo and / or
    lm_sensors-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lm_sensors");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lm_sensors-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lm_sensors-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC3", reference:"lm_sensors-2.8.7-2.FC3.1")) flag++;
    if (rpm_check(release:"FC3", reference:"lm_sensors-debuginfo-2.8.7-2.FC3.1")) flag++;
    if (rpm_check(release:"FC3", reference:"lm_sensors-devel-2.8.7-2.FC3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lm_sensors / lm_sensors-debuginfo / lm_sensors-devel");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200508-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200508-19 (lm_sensors: Insecure temporary file creation) Javier Fernandez-Sanguino Pena has discovered that lm_sensors insecurely creates temporary files with predictable filenames when saving configurations. Impact : A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the pwmconfig script of lm_sensors is executed, this would result in the file being overwritten with the rights of the user running the script, which typically is the root user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id19572
    published2005-09-06
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19572
    titleGLSA-200508-19 : lm_sensors: Insecure temporary file creation
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200508-19.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19572);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2005-2672");
      script_xref(name:"GLSA", value:"200508-19");
    
      script_name(english:"GLSA-200508-19 : lm_sensors: Insecure temporary file creation");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200508-19
    (lm_sensors: Insecure temporary file creation)
    
        Javier Fernandez-Sanguino Pena has discovered that lm_sensors
        insecurely creates temporary files with predictable filenames when
        saving configurations.
      
    Impact :
    
        A local attacker could create symbolic links in the temporary file
        directory, pointing to a valid file somewhere on the filesystem. When
        the pwmconfig script of lm_sensors is executed, this would result in
        the file being overwritten with the rights of the user running the
        script, which typically is the root user.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200508-19"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All lm_sensors users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=sys-apps/lm_sensors-2.9.1-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:lm_sensors");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/06");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"sys-apps/lm_sensors", unaffected:make_list("ge 2.9.1-r1"), vulnerable:make_list("lt 2.9.1-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lm_sensors");
    }
    

Oval

accepted2013-04-29T04:23:58.813-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionpwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
familyunix
idoval:org.mitre.oval:def:9993
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlepwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
version25

Redhat

advisories
rhsa
idRHSA-2005:825
rpms
  • lm_sensors-0:2.8.7-2.40.3
  • lm_sensors-debuginfo-0:2.8.7-2.40.3
  • lm_sensors-devel-0:2.8.7-2.40.3