CVE-2005-2992 - Unspecified vulnerability in ARC
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
Nessus
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-843.NASL
  description: Two vulnerabilities have been discovered in the ARC archive program under Unix. The Common Vulnerabilities and Exposures project identifies the following problems:
    - CAN-2005-2945: Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information.
    - CAN-2005-2992: Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19847
  published: 2005-10-05
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19847
  title: Debian DSA-843-1 : arc - insecure temporary file
- NASL family: SuSE Local Security Checks
  NASL id: SUSE9_10496.NASL
  description: This update fixes two bugs:
    - Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. (CVE-2005-2945)
    - Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack. (CVE-2005-2992)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 41079
  published: 2009-09-24
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/41079
  title: SuSE9 Security Update : arc (YOU Patch Number 10496)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0535.html
- http://marc.info/?l=bugtraq&m=112689596714383&w=2
- http://secunia.com/advisories/16805
- http://secunia.com/advisories/17068
- http://securityreason.com/securityalert/11
- http://www.debian.org/security/2005/dsa-843