ID CVE-2003-0596
Summary FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time.
References
Vulnerable Configurations
  • cpe:2.3:a:fdclone:fdclone:2.00a
    cpe:2.3:a:fdclone:fdclone:2.00a
CVSS
Base: 3.6 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-352.NASL
description fdclone creates a temporary directory in /tmp as a workspace. However, if this directory already exists, the existing directory is used instead, regardless of its ownership or permissions. This would allow an attacker to gain access to fdclone's temporary files and their contents, or replace them with other files under the attacker's control.
last seen 2019-02-21
modified 2018-07-20
plugin id 15189
published 2004-09-29
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15189
title Debian DSA-352-1 : fdclone - insecure temporary directory
refmap via4
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219
debian DSA-352
Last major update 07-12-2016 - 21:59
Published 27-08-2003 - 00:00
Back to Top