Vulnerabilities > CVE-2005-4659 - Information Disclosure vulnerability in IPCop Backup Key

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ipcop

NVD

Published: 2005-12-31

Updated: 2017-07-20

Summary

IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.

Vulnerable Configurations

Part	Description	Count
Application	Ipcop Ipcop Ipcop 1.4.1 Ipcop Ipcop 1.4.2 Ipcop Ipcop 1.4.4 Ipcop Ipcop 1.4.5 Ipcop Ipcop 1.4.6 Ipcop Ipcop 1.4.8 Ipcop Ipcop 1.4.9	7

References

http://secunia.com/advisories/17513/
http://sourceforge.net/project/shownotes.php?release_id=369759
http://sourceforge.net/tracker/index.php?func=detail&aid=1344032&group_id=40604&atid=428516
http://www.securityfocus.com/bid/15377
https://exchange.xforce.ibmcloud.com/vulnerabilities/23056