ID CVE-2005-3340
Summary The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:new_breed_software:tux_paint:0.9.14
    cpe:2.3:a:new_breed_software:tux_paint:0.9.14
CVSS
Base: 7.2 (as of 19-01-2006 - 09:33)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-941.NASL
    description Javier Fernandez-Sanguino Pena from the Debian Security Audit project discovered that a script in tuxpaint, a paint program for young children, creates a temporary file in an insecure fashion.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22807
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22807
    title Debian DSA-941-1 : tuxpaint - insecure temporary file
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-243-1.NASL
    description Javier Fernandez-Sanguino Pena discovered that the tuxpaint-import.sh script created a temporary file in an insecure way. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running tuxpaint. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20790
    published 2006-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20790
    title Ubuntu 5.10 : tuxpaint vulnerability (USN-243-1)
refmap via4
bid 16250
debian DSA-941
osvdb 22453
secunia
  • 18474
  • 18475
  • 18476
ubuntu USN-243-1
vupen ADV-2006-0193
xf tuxpaint-tmpfile-symlink(24128)
Last major update 07-03-2011 - 21:26
Published 31-12-2005 - 00:00
Last modified 03-10-2018 - 17:32
Back to Top