Vulnerabilities > CVE-2005-4660 - Unspecified vulnerability in Ipcop

CVSS 1.2 - LOW

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

high complexity

ipcop

NVD

Published: 2005-12-31

Updated: 2008-09-05

Summary

Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup.

Vulnerable Configurations

Part	Description	Count
Application	Ipcop Ipcop Ipcop 1.4.1 Ipcop Ipcop 1.4.2 Ipcop Ipcop 1.4.4 Ipcop Ipcop 1.4.5 Ipcop Ipcop 1.4.6 Ipcop Ipcop 1.4.8 Ipcop Ipcop 1.4.9	7

References

http://secunia.com/advisories/17513/
http://sourceforge.net/tracker/index.php?func=detail&aid=1344047&group_id=40604&atid=428516
http://www.securityfocus.com/bid/15378