CVE-2006-3118 - OpenCVE

spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:H/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Spread

Configuration 1 [-]

cpe:2.3:a:canonical:spread:*:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617
http://www.securityfocus.com/bid/18675
https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2006-06-30T19:00:00

Updated: 2006-07-11T09:00:00

Reserved: 2006-06-21T00:00:00

Link: CVE-2006-3118

JSON object: View

NVD Information

Status : Analyzed

Published: 2006-06-30T19:05:00.000

Modified: 2008-09-05T21:06:17.407

Link: CVE-2006-3118

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-07-11T09:00:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}, {"name": "18675", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18675"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2006-3118", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171", "refsource": "MISC", "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}, {"name": "18675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18675"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-3118", "datePublished": "2006-06-30T19:00:00", "dateReserved": "2006-06-21T00:00:00", "dateUpdated": "2006-07-11T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:spread:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBAC592F-0E73-44CA-AF3A-F351E30B7A4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue."}, {"lang": "es", "value": "spread utiliza un archivo temporal con un nombre de archivo est\u00e1tico basado en el n\u00famero de puerto, lo que permite a los usuarios locales causar una denegaci\u00f3n de servicio, creando un archivo durante una condici\u00f3n de carrera entre llamadas a funciones \"unlink\" y \"blind\" NOTA: spread borra estos archivos temporales antes de su uso, lo que podr\u00eda causar conflictos con otros programas que usan el mismo nombre de archivo, pero esto no es un asunto distinto."}], "id": "CVE-2006-3118", "lastModified": "2008-09-05T21:06:17.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-30T19:05:00.000", "references": [{"source": "security@debian.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/18675"}, {"source": "security@debian.org", "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}