Vulnerability Details CVE-2005-4660
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.2%
CVSS Severity
CVSS v2 Score 1.2
References
- http://secunia.com/advisories/17513/
- http://sourceforge.net/tracker/index.php?func=detail&aid=1344047&group_id=40604&atid=428516
- http://www.securityfocus.com/bid/15378
- http://secunia.com/advisories/17513/
- http://sourceforge.net/tracker/index.php?func=detail&aid=1344047&group_id=40604&atid=428516
- http://www.securityfocus.com/bid/15378
Products affected by CVE-2005-4660
-
cpe:2.3:a:ipcop:ipcop:1.4.1
-
cpe:2.3:a:ipcop:ipcop:1.4.2
-
cpe:2.3:a:ipcop:ipcop:1.4.4
-
cpe:2.3:a:ipcop:ipcop:1.4.5
-
cpe:2.3:a:ipcop:ipcop:1.4.6
-
cpe:2.3:a:ipcop:ipcop:1.4.8
-
cpe:2.3:a:ipcop:ipcop:1.4.9