CVE-2005-3349 - OpenCVE

GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Gnump3d

Configuration 1 [-]

OR	cpe:2.3:a:gnu:gnump3d::::::::
	cpe:2.3:a:gnu:gnump3d:2.9:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.1:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.2:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.3:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.4:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.5:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.6:::::::*

References

Link	Resource
http://secunia.com/advisories/17646	Patch Vendor Advisory
http://secunia.com/advisories/17647	Patch Vendor Advisory
http://secunia.com/advisories/17656	Patch Vendor Advisory
http://www.debian.org/security/2005/dsa-901	Patch
http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml	Patch
http://www.gnu.org/software/gnump3d/ChangeLog	Patch
http://www.gnu.org/software/gnump3d/attacks.html#temporary-files
http://www.novell.com/linux/security/advisories/2005_28_sr.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/15497	Patch
http://www.vupen.com/english/advisories/2005/2489	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2005-11-18T22:00:00

Updated: 2005-11-24T10:00:00

Reserved: 2005-10-27T00:00:00

Link: CVE-2005-3349

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-11-18T22:03:00.000

Modified: 2011-10-18T04:00:00.000

Link: CVE-2005-3349

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-11-24T10:00:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "SUSE-SR:2005:028", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"}, {"name": "15497", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15497"}, {"name": "17647", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17647"}, {"name": "ADV-2005-2489", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2489"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"}, {"name": "GLSA-200511-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.gnu.org/software/gnump3d/ChangeLog"}, {"name": "17646", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17646"}, {"name": "17656", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17656"}, {"name": "DSA-901", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-901"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2005-3349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2005:028", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"}, {"name": "15497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15497"}, {"name": "17647", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17647"}, {"name": "ADV-2005-2489", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2489"}, {"name": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files", "refsource": "MISC", "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"}, {"name": "GLSA-200511-16", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"}, {"name": "http://www.gnu.org/software/gnump3d/ChangeLog", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnump3d/ChangeLog"}, {"name": "17646", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17646"}, {"name": "17656", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17656"}, {"name": "DSA-901", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-901"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-3349", "datePublished": "2005-11-18T22:00:00", "dateReserved": "2005-10-27T00:00:00", "dateUpdated": "2005-11-24T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnump3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D8CF159-A4B3-493E-957F-C9B856ACE404", "versionEndIncluding": "2.9.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "D9B30C1E-E26C-4208-96E0-10B46FF4D0D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "30ED7127-4906-4C95-8180-57E7276FD760", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "9841DC70-40C0-4BC9-A541-76ED29D17825", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "0215148C-BC39-43D9-992B-60AF00250234", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "967F0E62-2613-49B5-8607-BE28491574AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "6B9BF88B-E1F1-4E90-87F1-D6C186EECE89", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53064746-D281-4E47-B147-8AC75C7B4DC0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."}], "id": "CVE-2005-3349", "lastModified": "2011-10-18T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-11-18T22:03:00.000", "references": [{"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17646"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17647"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17656"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.debian.org/security/2005/dsa-901"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.gnu.org/software/gnump3d/ChangeLog"}, {"source": "security@debian.org", "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/15497"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2489"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}