CVE-2005-3268 - OpenCVE

yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Raphael Bossek	Yiff Server

Configuration 1 [-]

cpe:2.3:a:raphael_bossek:yiff_server:2.14.2.7:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334616
http://secunia.com/advisories/17242	Vendor Advisory
http://www.osvdb.org/20074
http://www.securityfocus.com/bid/15140

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2005-10-20T04:00:00

Updated: 2006-04-04T09:00:00

Reserved: 2005-10-20T00:00:00

Link: CVE-2005-3268

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-10-20T23:02:00.000

Modified: 2008-09-05T20:53:54.590

Link: CVE-2005-3268

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-04-04T09:00:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "17242", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17242"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334616"}, {"name": "15140", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15140"}, {"name": "20074", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20074"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2005-3268", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17242", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17242"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334616", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334616"}, {"name": "15140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15140"}, {"name": "20074", "refsource": "OSVDB", "url": "http://www.osvdb.org/20074"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-3268", "datePublished": "2005-10-20T04:00:00", "dateReserved": "2005-10-20T00:00:00", "dateUpdated": "2006-04-04T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}