Vulnerability Details CVE-2005-2918
The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.gentoo.org/show_bug.cgi?id=104565
- http://marc.info/?l=bugtraq&m=112680706715109&w=2
- http://secunia.com/advisories/16951
- http://secunia.com/advisories/17005
- http://secunia.com/advisories/17056
- http://www.debian.org/security/2005/dsa-822
- http://www.gentoo.org/security/en/glsa/glsa-200510-01.xml
- http://www.zataz.net/adviso/gtkdiskfree-09052005.txt
- http://bugs.gentoo.org/show_bug.cgi?id=104565
- http://marc.info/?l=bugtraq&m=112680706715109&w=2
- http://secunia.com/advisories/16951
- http://secunia.com/advisories/17005
- http://secunia.com/advisories/17056
- http://www.debian.org/security/2005/dsa-822
- http://www.gentoo.org/security/en/glsa/glsa-200510-01.xml
- http://www.zataz.net/adviso/gtkdiskfree-09052005.txt
Products affected by CVE-2005-2918
-
cpe:2.3:a:gtkdiskfree:gtkdiskfree:*