Vulnerabilities > CVE-2006-0512 - Local Security vulnerability in Padl Software Migrationtools 46
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1187.NASL |
description | Jason Hoover discovered that migrationtools, a collection of scripts to migrate user data to LDAP creates several temporary files insecurely, which might lead to denial of service through a symlink attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22729 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22729 |
title | Debian DSA-1187-1 : migrationtools - insecure temporary files |
code |
|
Statements
contributor | Vincent Danen |
lastmodified | 2006-10-04 |
organization | Mandriva |
statement | Mandriva has patched the migrationtools since August 2005 to use mktemp so is not vulnerable to this issue. |