Vulnerabilities > CVE-2005-4803 - Unspecified vulnerability in Graphviz

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
graphviz
nessus

Summary

graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier. This vulnerability is addressed in the following product release: Graphviz, Graphviz, 2.2.1

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-188.NASL
    descriptionJavier Fernández-Sanguino Peña discovered insecure temporary file creation in graphviz, a rich set of graph drawing tools, that can be exploited to overwrite arbitrary files by a local attacker. The updated packages have been patched to address this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id20433
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20433
    titleMandrake Linux Security Advisory : graphviz (MDKSA-2005:188)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-208-1.NASL
    descriptionJavier Fernandez-Sanguino Pena discovered that the
    last seen2020-06-01
    modified2020-06-02
    plugin id20625
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20625
    titleUbuntu 5.04 : graphviz vulnerability (USN-208-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-857.NASL
    descriptionJavier Fernandez-Sanguino Pena discovered insecure temporary file creation in graphviz, a rich set of graph drawing tools, that can be exploited to overwrite arbitrary files by a local attacker.
    last seen2020-06-01
    modified2020-06-02
    plugin id19965
    published2005-10-11
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19965
    titleDebian DSA-857-1 : graphviz - insecure temporary file