1. CVE-Search
  2. CVE-2005-4536
ID CVE-2005-4536
Summary Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.
References
Vulnerable Configurations
  • cpe:2.3:a:debian:libmail-audit-perl:2.1-5:*:*:*:*:*:*:*
    cpe:2.3:a:debian:libmail-audit-perl:2.1-5:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 16434
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029
debian DSA-960
secunia
  • 18652
  • 18656
vupen ADV-2006-0378
xf perl-mail-audit-symlink(24380)
Last major update 20-07-2017 - 01:29
Published 31-12-2005 - 05:00
Last modified 20-07-2017 - 01:29
Back to Top