[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-0610Date: (C)2005-04-12   (M)2023-12-22


Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-13106
SECUNIA-14903
http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html

CPE    17
cpe:/o:freebsd:freebsd:4.10
cpe:/o:freebsd:freebsd:5.0
cpe:/o:freebsd:freebsd:5.1
cpe:/o:freebsd:freebsd:5.2
...

© SecPod Technologies