Vulnerabilities > CVE-2005-2992 - Unspecified vulnerability in ARC

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
arc
nessus

Summary

arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.

Vulnerable Configurations

Part Description Count
Application
Arc
1

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-843.NASL
    descriptionTwo vulnerabilities have been discovered in the ARC archive program under Unix. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2945 Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. - CAN-2005-2992 Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id19847
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19847
    titleDebian DSA-843-1 : arc - insecure temporary file
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_10496.NASL
    descriptionThis updates fixes two bugs : - Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. (CVE-2005-2945) - Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack. (CVE-2005-2992)
    last seen2020-06-01
    modified2020-06-02
    plugin id41079
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41079
    titleSuSE9 Security Update : arc (YOU Patch Number 10496)