ID CVE-2005-2945
Summary arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
References
Vulnerable Configurations
  • cpe:2.3:a:arc:arc:5.21j
    cpe:2.3:a:arc:arc:5.21j
CVSS
Base: 2.1 (as of 16-09-2005 - 21:21)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-843.NASL
    description Two vulnerabilities have been discovered in the ARC archive program under Unix. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2945 Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. - CAN-2005-2992 Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19847
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19847
    title Debian DSA-843-1 : arc - insecure temporary file
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10496.NASL
    description This updates fixes two bugs : - Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. (CVE-2005-2945) - Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack. (CVE-2005-2992)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41079
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41079
    title SuSE9 Security Update : arc (YOU Patch Number 10496)
refmap via4
bugtraq 20050916 arc insecure temporary file creation
debian DSA-843
misc http://www.zataz.net/adviso/arc-09052005.txt
secunia
  • 16805
  • 17068
vulnwatch 20050916 arc insecure temporary file creation
Last major update 17-10-2016 - 23:31
Published 16-09-2005 - 17:03
Back to Top