Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2005-2672
Vulnerability from cvelistv5
Published
2005-08-23 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
0.11%
(0.31228)
Summary
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:45:01.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { name: "1015180", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015180", }, { name: "USN-172-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/172-1/", }, { name: "17535", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17535", }, { name: "16501", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16501", }, { name: "RHSA-2005:825", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { name: "oval:org.mitre.oval:def:9993", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { name: "14624", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14624", }, { name: "MDKSA-2005:149", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { name: "17499", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17499", }, { name: "ADV-2005-1492", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1492", }, { name: "DSA-814", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-814", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-08-22T00:00:00", descriptions: [ { lang: "en", value: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-03T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { name: "1015180", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015180", }, { name: "USN-172-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/172-1/", }, { name: "17535", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17535", }, { name: "16501", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16501", }, { name: "RHSA-2005:825", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { name: "oval:org.mitre.oval:def:9993", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { name: "14624", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14624", }, { name: "MDKSA-2005:149", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { name: "17499", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17499", }, { name: "ADV-2005-1492", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1492", }, { name: "DSA-814", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-814", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2672", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", refsource: "CONFIRM", url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { name: "1015180", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015180", }, { name: "USN-172-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/172-1/", }, { name: "17535", refsource: "SECUNIA", url: "http://secunia.com/advisories/17535", }, { name: "16501", refsource: "SECUNIA", url: "http://secunia.com/advisories/16501", }, { name: "RHSA-2005:825", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { name: "oval:org.mitre.oval:def:9993", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { name: "14624", refsource: "BID", url: "http://www.securityfocus.com/bid/14624", }, { name: "MDKSA-2005:149", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { name: "17499", refsource: "SECUNIA", url: "http://secunia.com/advisories/17499", }, { name: "ADV-2005-1492", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2005/1492", }, { name: "DSA-814", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-814", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-2672", datePublished: "2005-08-23T04:00:00", dateReserved: "2005-08-23T00:00:00", dateUpdated: "2024-08-07T22:45:01.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2005-2672\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-08-23T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7022ABA4-523E-4416-A601-9E3AAB3A0316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"830356D2-5389-4960-8E4A-A6E76C4174C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBE9AD6-8F09-4D59-8308-149400E124ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94CA80C3-E527-4389-A011-7AE16C93A272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"673F66B0-3C25-4128-9916-B7BCC58B72F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FDEA8EE-ECF5-4AA5-919B-0F4FCBA76DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0366C9C6-1113-4DB7-9B9C-F322090518BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD0BDE5-DDED-4558-B8AE-076C1C6FAF59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFEB6CF7-17DE-4375-B865-99ACAA94862A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"048D63F2-FF53-46A5-8C7A-B303493DDF64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC0A70A0-0A7C-4049-836F-54BEC6ABEA0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC338AB-CA3E-4EB1-81B4-7611EFC5EB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F45928F-C0C3-4AE4-B5A7-00B0BC810D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC27691-32AB-4F7C-9578-B1B8505B1D26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96446EA9-55A7-42AA-95D6-7990D2C5591F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA5CFC2-87D3-4791-8ADE-D9E6AEA91675\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CA5EB26-218E-4D51-8A04-63521EBF19FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB74ADC3-C840-46DC-AAB2-2C559C167056\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"286A3AB7-2448-4658-A73B-8FF6DB3452EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"946C4E11-C3D5-4148-A8A0-3CBD599C4C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C8A8D40-5A2A-440F-878C-F2E7827ACDF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C182A4F0-6EC9-40AD-8055-5336E81F3D8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D03522F-2ABF-4FB1-AAE9-22245E4104EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"288B484B-8686-40E6-A2A0-1936A06AB46E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"893D901C-B093-4754-8CE0-F264BD595FDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0494E909-7125-40EC-B522-012A515C8802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66C89EE-3A5B-4A49-AD8B-C0A3842262C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BD5DB74-EAB5-40EF-88EC-E779872DCFC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B9DD54B-6138-4FB3-950A-75944A356645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21E63031-6E13-43A8-8668-91DF1524F2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4C0B81E-C9C2-429C-9864-392904EA84F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B788580A-7ABD-4535-97C2-61092F5C77FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB36613C-0D0A-4695-A392-DFC0A9459D99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D21B37A6-354A-47CA-8849-DA14C34C5C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5645DEA-2C2D-4748-915B-2B99D7C9DDBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E1A57CA-66C4-425F-AED2-739D2C1D40B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"775FDB7D-C397-4E92-B71E-439BF37BB88D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D25E827-906D-4911-BF53-67DCB8FBD0AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CCED5C6-E00A-4C43-B731-A9C3A2BDC4FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lm_sensors:lm_sensors:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CE53B8-C121-4B83-B506-2410EFCAA986\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/16501\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17499\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17535\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015180\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2005/dsa-814\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:149\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-825.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/14624\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/1492\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/172-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/16501\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17499\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015180\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2005/dsa-814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-825.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/14624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/1492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/172-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
ghsa-j7c4-q8wj-hjhf
Vulnerability from github
Published
2022-05-01 02:10
Modified
2025-04-03 04:16
Details
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
{ affected: [], aliases: [ "CVE-2005-2672", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2005-08-23T04:00:00Z", severity: "LOW", }, details: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", id: "GHSA-j7c4-q8wj-hjhf", modified: "2025-04-03T04:16:46Z", published: "2022-05-01T02:10:42Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2672", }, { type: "WEB", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { type: "WEB", url: "https://usn.ubuntu.com/172-1", }, { type: "WEB", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { type: "WEB", url: "http://secunia.com/advisories/16501", }, { type: "WEB", url: "http://secunia.com/advisories/17499", }, { type: "WEB", url: "http://secunia.com/advisories/17535", }, { type: "WEB", url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { type: "WEB", url: "http://securitytracker.com/id?1015180", }, { type: "WEB", url: "http://www.debian.org/security/2005/dsa-814", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { type: "WEB", url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { type: "WEB", url: "http://www.securityfocus.com/bid/14624", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2005/1492", }, ], schema_version: "1.4.0", severity: [], }
gsd-2005-2672
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
Aliases
Aliases
{ GSD: { alias: "CVE-2005-2672", description: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", id: "GSD-2005-2672", references: [ "https://www.suse.com/security/cve/CVE-2005-2672.html", "https://www.debian.org/security/2005/dsa-814", "https://access.redhat.com/errata/RHSA-2005:825", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2005-2672", ], details: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", id: "GSD-2005-2672", modified: "2023-12-13T01:20:10.177909Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2672", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", refsource: "CONFIRM", url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { name: "1015180", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015180", }, { name: "USN-172-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/172-1/", }, { name: "17535", refsource: "SECUNIA", url: "http://secunia.com/advisories/17535", }, { name: "16501", refsource: "SECUNIA", url: "http://secunia.com/advisories/16501", }, { name: "RHSA-2005:825", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { name: "oval:org.mitre.oval:def:9993", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { name: "14624", refsource: "BID", url: "http://www.securityfocus.com/bid/14624", }, { name: "MDKSA-2005:149", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { name: "17499", refsource: "SECUNIA", url: "http://secunia.com/advisories/17499", }, { name: "ADV-2005-1492", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2005/1492", }, { name: "DSA-814", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-814", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.4.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:lm_sensors:lm_sensors:2.9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2672", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], }, ], }, references: { reference_data: [ { name: "14624", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/14624", }, { name: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", refsource: "CONFIRM", tags: [], url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", refsource: "CONFIRM", tags: [], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { name: "MDKSA-2005:149", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { name: "DSA-814", refsource: "DEBIAN", tags: [], url: "http://www.debian.org/security/2005/dsa-814", }, { name: "RHSA-2005:825", refsource: "REDHAT", tags: [], url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { name: "1015180", refsource: "SECTRACK", tags: [], url: "http://securitytracker.com/id?1015180", }, { name: "16501", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/16501", }, { name: "17499", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/17499", }, { name: "17535", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/17535", }, { name: "ADV-2005-1492", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2005/1492", }, { name: "oval:org.mitre.oval:def:9993", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { name: "USN-172-1", refsource: "UBUNTU", tags: [], url: "https://usn.ubuntu.com/172-1/", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, }, lastModifiedDate: "2018-10-03T21:31Z", publishedDate: "2005-08-23T04:00Z", }, }, }
rhsa-2005:825
Vulnerability from csaf_redhat
Published
2005-11-10 19:22
Modified
2024-11-22 00:03
Summary
Red Hat Security Advisory: lm_sensors security update
Notes
Topic
Updated lm_sensors packages that fix an insecure file issue are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. This package requires special support which
is not in standard version 2.2 kernels.
A bug was found in the way the pwmconfig tool creates temporary files. It
is possible that a local attacker could leverage this flaw to overwrite
arbitrary files located on the system. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2672 to this issue.
Users of lm_sensors are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated lm_sensors packages that fix an insecure file issue are now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", title: "Topic", }, { category: "general", text: "The lm_sensors package includes a collection of modules for general SMBus\naccess and hardware monitoring. This package requires special support which\nis not in standard version 2.2 kernels.\n\nA bug was found in the way the pwmconfig tool creates temporary files. It\nis possible that a local attacker could leverage this flaw to overwrite\narbitrary files located on the system. The Common Vulnerabilities and\nExposures project has assigned the name CVE-2005-2672 to this issue.\n\nUsers of lm_sensors are advised to upgrade to these updated packages, which\ncontain a backported patch that resolves this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2005:825", url: "https://access.redhat.com/errata/RHSA-2005:825", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "166672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=166672", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_825.json", }, ], title: "Red Hat Security Advisory: lm_sensors security update", tracking: { current_release_date: "2024-11-22T00:03:11+00:00", generator: { date: "2024-11-22T00:03:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2005:825", initial_release_date: "2005-11-10T19:22:00+00:00", revision_history: [ { date: "2005-11-10T19:22:00+00:00", number: "1", summary: "Initial version", }, { date: "2005-11-10T00:00:00+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T00:03:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.src", product: { name: "lm_sensors-0:2.8.7-2.40.3.src", product_id: "lm_sensors-0:2.8.7-2.40.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=x86_64", }, }, }, { category: "product_version", name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-debuginfo@2.8.7-2.40.3?arch=x86_64", }, }, }, { category: "product_version", name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-devel@2.8.7-2.40.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=i386", }, }, }, { category: "product_version", name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-debuginfo@2.8.7-2.40.3?arch=i386", }, }, }, { category: "product_version", name: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-devel@2.8.7-2.40.3?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2672", discovery_date: "2005-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1617739", }, ], notes: [ { category: "description", text: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", title: "Vulnerability description", }, { category: "summary", text: "security flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS:lm_sensors-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-0:2.8.7-2.40.3.src", "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-0:2.8.7-2.40.3.src", "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-0:2.8.7-2.40.3.src", "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2672", }, { category: "external", summary: "RHBZ#1617739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1617739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2672", url: "https://www.cve.org/CVERecord?id=CVE-2005-2672", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2672", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2672", }, ], release_date: "2005-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2005-11-10T19:22:00+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.", product_ids: [ "4AS:lm_sensors-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-0:2.8.7-2.40.3.src", "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-0:2.8.7-2.40.3.src", "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-0:2.8.7-2.40.3.src", "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2005:825", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "security flaw", }, ], }
RHSA-2005:825
Vulnerability from csaf_redhat
Published
2005-11-10 19:22
Modified
2024-11-22 00:03
Summary
Red Hat Security Advisory: lm_sensors security update
Notes
Topic
Updated lm_sensors packages that fix an insecure file issue are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. This package requires special support which
is not in standard version 2.2 kernels.
A bug was found in the way the pwmconfig tool creates temporary files. It
is possible that a local attacker could leverage this flaw to overwrite
arbitrary files located on the system. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2672 to this issue.
Users of lm_sensors are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated lm_sensors packages that fix an insecure file issue are now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", title: "Topic", }, { category: "general", text: "The lm_sensors package includes a collection of modules for general SMBus\naccess and hardware monitoring. This package requires special support which\nis not in standard version 2.2 kernels.\n\nA bug was found in the way the pwmconfig tool creates temporary files. It\nis possible that a local attacker could leverage this flaw to overwrite\narbitrary files located on the system. The Common Vulnerabilities and\nExposures project has assigned the name CVE-2005-2672 to this issue.\n\nUsers of lm_sensors are advised to upgrade to these updated packages, which\ncontain a backported patch that resolves this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2005:825", url: "https://access.redhat.com/errata/RHSA-2005:825", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "166672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=166672", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_825.json", }, ], title: "Red Hat Security Advisory: lm_sensors security update", tracking: { current_release_date: "2024-11-22T00:03:11+00:00", generator: { date: "2024-11-22T00:03:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2005:825", initial_release_date: "2005-11-10T19:22:00+00:00", revision_history: [ { date: "2005-11-10T19:22:00+00:00", number: "1", summary: "Initial version", }, { date: "2005-11-10T00:00:00+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T00:03:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.src", product: { name: "lm_sensors-0:2.8.7-2.40.3.src", product_id: "lm_sensors-0:2.8.7-2.40.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=x86_64", }, }, }, { category: "product_version", name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-debuginfo@2.8.7-2.40.3?arch=x86_64", }, }, }, { category: "product_version", name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-devel@2.8.7-2.40.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=i386", }, }, }, { category: "product_version", name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-debuginfo@2.8.7-2.40.3?arch=i386", }, }, }, { category: "product_version", name: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-devel@2.8.7-2.40.3?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2672", discovery_date: "2005-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1617739", }, ], notes: [ { category: "description", text: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", title: "Vulnerability description", }, { category: "summary", text: "security flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS:lm_sensors-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-0:2.8.7-2.40.3.src", "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-0:2.8.7-2.40.3.src", "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-0:2.8.7-2.40.3.src", "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2672", }, { category: "external", summary: "RHBZ#1617739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1617739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2672", url: "https://www.cve.org/CVERecord?id=CVE-2005-2672", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2672", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2672", }, ], release_date: "2005-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2005-11-10T19:22:00+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.", product_ids: [ "4AS:lm_sensors-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-0:2.8.7-2.40.3.src", "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-0:2.8.7-2.40.3.src", "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-0:2.8.7-2.40.3.src", "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2005:825", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "security flaw", }, ], }
rhsa-2005_825
Vulnerability from csaf_redhat
Published
2005-11-10 19:22
Modified
2024-11-22 00:03
Summary
Red Hat Security Advisory: lm_sensors security update
Notes
Topic
Updated lm_sensors packages that fix an insecure file issue are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. This package requires special support which
is not in standard version 2.2 kernels.
A bug was found in the way the pwmconfig tool creates temporary files. It
is possible that a local attacker could leverage this flaw to overwrite
arbitrary files located on the system. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2672 to this issue.
Users of lm_sensors are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated lm_sensors packages that fix an insecure file issue are now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", title: "Topic", }, { category: "general", text: "The lm_sensors package includes a collection of modules for general SMBus\naccess and hardware monitoring. This package requires special support which\nis not in standard version 2.2 kernels.\n\nA bug was found in the way the pwmconfig tool creates temporary files. It\nis possible that a local attacker could leverage this flaw to overwrite\narbitrary files located on the system. The Common Vulnerabilities and\nExposures project has assigned the name CVE-2005-2672 to this issue.\n\nUsers of lm_sensors are advised to upgrade to these updated packages, which\ncontain a backported patch that resolves this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2005:825", url: "https://access.redhat.com/errata/RHSA-2005:825", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "166672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=166672", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_825.json", }, ], title: "Red Hat Security Advisory: lm_sensors security update", tracking: { current_release_date: "2024-11-22T00:03:11+00:00", generator: { date: "2024-11-22T00:03:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2005:825", initial_release_date: "2005-11-10T19:22:00+00:00", revision_history: [ { date: "2005-11-10T19:22:00+00:00", number: "1", summary: "Initial version", }, { date: "2005-11-10T00:00:00+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T00:03:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.src", product: { name: "lm_sensors-0:2.8.7-2.40.3.src", product_id: "lm_sensors-0:2.8.7-2.40.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=x86_64", }, }, }, { category: "product_version", name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-debuginfo@2.8.7-2.40.3?arch=x86_64", }, }, }, { category: "product_version", name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product_id: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-devel@2.8.7-2.40.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "lm_sensors-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors@2.8.7-2.40.3?arch=i386", }, }, }, { category: "product_version", name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-debuginfo@2.8.7-2.40.3?arch=i386", }, }, }, { category: "product_version", name: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product_id: "lm_sensors-devel-0:2.8.7-2.40.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/lm_sensors-devel@2.8.7-2.40.3?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.src", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", }, product_reference: "lm_sensors-devel-0:2.8.7-2.40.3.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2672", discovery_date: "2005-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1617739", }, ], notes: [ { category: "description", text: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", title: "Vulnerability description", }, { category: "summary", text: "security flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS:lm_sensors-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-0:2.8.7-2.40.3.src", "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-0:2.8.7-2.40.3.src", "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-0:2.8.7-2.40.3.src", "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2672", }, { category: "external", summary: "RHBZ#1617739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1617739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2672", url: "https://www.cve.org/CVERecord?id=CVE-2005-2672", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2672", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2672", }, ], release_date: "2005-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2005-11-10T19:22:00+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.", product_ids: [ "4AS:lm_sensors-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-0:2.8.7-2.40.3.src", "4AS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4AS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-0:2.8.7-2.40.3.src", "4Desktop:lm_sensors-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4Desktop:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-0:2.8.7-2.40.3.src", "4ES:lm_sensors-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4ES:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-0:2.8.7-2.40.3.src", "4WS:lm_sensors-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-debuginfo-0:2.8.7-2.40.3.x86_64", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.i386", "4WS:lm_sensors-devel-0:2.8.7-2.40.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2005:825", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "security flaw", }, ], }
var-200508-0055
Vulnerability from variot
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file. lm_sensors Implemented in pwmconfig The script contains temporary files in a security inappropriate manner (/tmp/fancontrol) Therefore, there is a vulnerability that is subject to symbolic link attacks.pwmconfig Any file may be overwritten with the authority of the user who executes the command. The issue exists in the 'pwmconfig' script. Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well. lm_sensors version 2.9.1 is reportedly affected, however, other versions may be vulnerable as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA 814-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 15th, 2005 http://www.debian.org/security/faq
Package : lm-sensors Vulnerability : insecure temporary file Problem type : local Debian-specific: no CVE ID : CAN-2005-2672] Debian Bug : 324193
Javier Fern\xe1ndez-Sanguino Pe\xf1a discovered that a script of lm-sensors, utilities to read temperature/voltage/fan sensors, creates a temporary file with a predictable filename, leaving it vulnerable for a symlink attack.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in version 2.9.1-1sarge2.
For the unstable distribution (sid) this problem has been fixed in version 2.9.1-7.
We recommend that you upgrade your lm-sensors package.
Upgrade Instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc
Size/MD5 checksum: 1089 b29b66e67c0cdc230e00e5183724427a
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz
Size/MD5 checksum: 32896 551c338fbc31a17f7fd909c8c18f495e
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz
Size/MD5 checksum: 870765 f5af615e39441d95471bdb72a3f01709
Architecture independent components:
http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb
Size/MD5 checksum: 304604 9b936604bcb60dd90c26de965bc8ae7f
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb
Size/MD5 checksum: 956166 a4cc7cf62245912cca061249e7ff153e
Alpha architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb
Size/MD5 checksum: 107734 6672ce70e0a11a3db57b5cc5410a887f
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb
Size/MD5 checksum: 88004 07333a65127b12aaa3bb7593ca998fc8
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb
Size/MD5 checksum: 469638 2894c427fa1a171588ee25ec7944aeae
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb
Size/MD5 checksum: 60162 996e3f4caa6f99a509612ed9409538a1
AMD64 architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb
Size/MD5 checksum: 99604 5a2ecb59416841693f291c18ffc36b9f
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb
Size/MD5 checksum: 86024 be04743cfbe7a3dba14522ce35807a46
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb
Size/MD5 checksum: 471644 de8c9584f1d5bc2a2fc4134ebb0a5958
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb
Size/MD5 checksum: 57960 7d2bcf38f644cc293814d9be97e7e462
ARM architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb
Size/MD5 checksum: 95374 76afc070abfaca6877c53b3dc97e2efe
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb
Size/MD5 checksum: 77598 688a884f1c1a3d9966863f9dd13e6378
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb
Size/MD5 checksum: 466524 f60ec616c55ffecd7d32d9ce6701520b
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb
Size/MD5 checksum: 56518 001487c8ebf59a64eca3c4b1ebd3a4fc
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 93822 18985e4483e7ba7f1ee4e08c31e77ee6
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 77704 c7360febfe8fb136d4edc7447c4a3787
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 471594 4bb236b1ad878a31115d7231f624d53b
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 258638 9dab2f0c6ca40bb6b1fa648c72dea266
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 258646 27ec0369b7e5710cfa9b8a2f6dc7f976
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 258638 7b59494c8c7e836392ec8d29832a37f7
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 259220 1f84862f63d4b84ca52d3b0188eae27f
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 258658 f44895c10b0a2a66f9f8fc2fc1c08945
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 258950 fc63b5a3190378d192810b865db159d7
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 259496 acbd3d286c9f83c33075207a32297bfe
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb
Size/MD5 checksum: 56282 4aaa87fa8ec4a9c7a80cc5fa2a2a65c7
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb
Size/MD5 checksum: 110518 31b9a4a92124027fc290af68a33c9d72
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb
Size/MD5 checksum: 94704 1c7b33cb67d43b00bc5c560e010cba42
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb
Size/MD5 checksum: 487502 b2c2e822feccd91e2cf4e16b788ee8b2
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb
Size/MD5 checksum: 63894 6f5dd42f2e9bfe4e6f6dfc0d657c231c
HP Precision architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb
Size/MD5 checksum: 103444 b90312374564a949899f1fc5efe0afca
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb
Size/MD5 checksum: 88110 c2c6817f83c05784e7ae6dfb342c3f45
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb
Size/MD5 checksum: 470520 cff17a1708ab3698cbe576845758f040
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb
Size/MD5 checksum: 59432 2316f77020a58c9bbcb4680e39093872
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb
Size/MD5 checksum: 95016 2570abfafb354bf68ff57e294010d9bd
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb
Size/MD5 checksum: 82760 8575a48b3ae56c05aa33b1dec7b7e7d8
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb
Size/MD5 checksum: 457278 2b04efc7078bfcac49bae53de1fa37f4
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb
Size/MD5 checksum: 55334 acf8cedc0bc7b9fcce51bf4028346aa4
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb
Size/MD5 checksum: 101340 65525f23eed1bb8bd56104db43613b64
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb
Size/MD5 checksum: 80346 78e1796d19b2a450001b7db46fa00971
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb
Size/MD5 checksum: 464976 77c81982d7dc7a6e3059e9b7bfe843ae
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb
Size/MD5 checksum: 58392 fce20208178fcf5e8b34f037a89ebeb8
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb
Size/MD5 checksum: 99308 561831d67a0b6c5a2c23ce19d63fd4e9
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb
Size/MD5 checksum: 78318 bf864fc9cc93f35f74cb383916b93187
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb
Size/MD5 checksum: 465612 90be081b2fe5d58208cdc22f922ace6a
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb
Size/MD5 checksum: 58452 862e8a3b5f5bf5ab9a7e37f91828a96a
PowerPC architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb
Size/MD5 checksum: 105926 1c01fa48983ca51785fb6cebcb1352e7
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb
Size/MD5 checksum: 84122 362b899e12a413c46a1aa3bb80ae9564
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb
Size/MD5 checksum: 476730 326fe3274869079637c4a425430d9cc9
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb
Size/MD5 checksum: 59362 2be27fc39b66107b8bc28df51bfd929f
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb
Size/MD5 checksum: 105122 aa913f7a24298b97954809094c966d13
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb
Size/MD5 checksum: 86884 2c6ebcada8848923a727f21d348089bf
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb
Size/MD5 checksum: 463706 d0d5e649c114bd891c9dd5a742b3dd7f
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb
Size/MD5 checksum: 57970 fccda7621dfee8331517dc5f47587246
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb
Size/MD5 checksum: 100274 63098e8e9f4c3fab8147c04aa17d811c
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb
Size/MD5 checksum: 80906 18db5ab878c2185c7a999f968b36e204
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb
Size/MD5 checksum: 470238 3edce01e75344d0a8a3985c564060243
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb
Size/MD5 checksum: 56654 c47257c9c9263f657a3e96f55b14c40b
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDKYEPW5ql+IAeqTIRAvkXAJsG3t7J+SurPWsgUlq3bgSvDTBr3gCgtCBV zykdnzOaXU1T+P83Q3O0KLQ= =z0Ex -----END PGP SIGNATURE-----
.
For more information: SA16501
SOLUTION: Update to "sys-apps/lm_sensors-2.9.1-r1" or later.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: LM Sensors Insecure Temporary File Creation Vulnerability
SECUNIA ADVISORY ID: SA16501
VERIFY ADVISORY: http://secunia.com/advisories/16501/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: LM Sensors 2.x http://secunia.com/product/5572/
DESCRIPTION: Javier Fernandez-Sanguino Pena has reported a vulnerability in LM Sensors, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
SOLUTION: Grant only trusted users access to vulnerable systems.
PROVIDED AND/OR DISCOVERED BY: Javier Fernandez-Sanguino Pena
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200508-19
http://security.gentoo.org/
Severity: Normal Title: lm_sensors: Insecure temporary file creation Date: August 30, 2005 Bugs: #103568 ID: 200508-19
Synopsis
lm_sensors is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.
Background
lm_sensors is a software package that provides drivers for monitoring the temperatures, voltages, and fans of Linux systems with hardware monitoring devices. When the pwmconfig script of lm_sensors is executed, this would result in the file being overwritten with the rights of the user running the script, which typically is the root user.
Workaround
There is no known workaround at this time.
Resolution
All lm_sensors users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/lm_sensors-2.9.1-r1"
References
[ 1 ] CAN-2005-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200508-19.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
.
For more information: SA16501
SOLUTION: Updated packages are available from Red Hat Network
Show details on source website{ affected_products: { _id: null, data: [ { _id: null, model: "lm sensors", scope: "eq", trust: 1.9, vendor: "lm sensors", version: "2.8.8", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.9, vendor: "lm sensors", version: "2.8.7", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.9, vendor: "lm sensors", version: "2.8.6", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.9, vendor: "lm sensors", version: "2.8.4", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.6, vendor: "lm sensors", version: "2.8.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.6, vendor: "lm sensors", version: "2.9.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.6, vendor: "lm sensors", version: "2.8.3", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.6, vendor: "lm sensors", version: "2.8.5", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.6, vendor: "lm sensors", version: "2.7.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1.6, vendor: "lm sensors", version: "2.8.2", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.6.4", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.6.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.6.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.5.2", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.5.4", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.1.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.1.2", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.0.2", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.2.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.3.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.5.3", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.2.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.4.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.5.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.6.5", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.0.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.5.5", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.3.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.6.3", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.5.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.2.2", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.3.2", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.3.4", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.6.2", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.3.3", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.8.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.4.5", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.1.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.0.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 1, vendor: "lm sensors", version: "2.4.4", }, { _id: null, model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "4.0", }, { _id: null, model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "4.0 (x86-64)", }, { _id: null, model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4 (as)", }, { _id: null, model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4 (es)", }, { _id: null, model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4 (ws)", }, { _id: null, model: "fedora core4", scope: null, trust: 0.3, vendor: "redhat", version: null, }, { _id: null, model: "fedora core3", scope: null, trust: 0.3, vendor: "redhat", version: null, }, { _id: null, model: "enterprise linux ws", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { _id: null, model: "enterprise linux es", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { _id: null, model: "enterprise linux as", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { _id: null, model: "desktop", scope: "eq", trust: 0.3, vendor: "redhat", version: "4.0", }, { _id: null, model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "10.2", }, { _id: null, model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "10.2", }, { _id: null, model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "10.1", }, { _id: null, model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "10.1", }, { _id: null, model: "linux mandrake amd64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "10.0", }, { _id: null, model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "10.0", }, { _id: null, model: "corporate server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "3.0", }, { _id: null, model: "corporate server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "3.0", }, { _id: null, model: "lm sensors", scope: "eq", trust: 0.3, vendor: "lm sensors", version: "2.9.1", }, { _id: null, model: "lm sensors", scope: "eq", trust: 0.3, vendor: "lm sensors", version: "2.9", }, { _id: null, model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { _id: null, model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux ppc", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux mipsel", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux m68k", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux hppa", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux alpha", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, { _id: null, model: "linux", scope: "eq", trust: 0.3, vendor: "debian", version: "3.1", }, ], sources: [ { db: "BID", id: "14624", }, { db: "JVNDB", id: "JVNDB-2005-000504", }, { db: "CNNVD", id: "CNNVD-200508-267", }, { db: "NVD", id: "CVE-2005-2672", }, ], }, configurations: { _id: null, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:misc:miraclelinux_asianux_server", vulnerable: true, }, { cpe22Uri: "cpe:/o:redhat:enterprise_linux", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2005-000504", }, ], }, credits: { _id: null, data: "Discovery is credited to Javier Fernandez-Sanguino Pena.", sources: [ { db: "BID", id: "14624", }, { db: "CNNVD", id: "CNNVD-200508-267", }, ], trust: 0.9, }, cve: "CVE-2005-2672", cvss: { _id: null, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2005-2672", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1.9, vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "VHN-13881", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2005-2672", trust: 1, value: "LOW", }, { author: "NVD", id: "CVE-2005-2672", trust: 0.8, value: "Low", }, { author: "CNNVD", id: "CNNVD-200508-267", trust: 0.6, value: "LOW", }, { author: "VULHUB", id: "VHN-13881", trust: 0.1, value: "LOW", }, { author: "VULMON", id: "CVE-2005-2672", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-13881", }, { db: "VULMON", id: "CVE-2005-2672", }, { db: "JVNDB", id: "JVNDB-2005-000504", }, { db: "CNNVD", id: "CNNVD-200508-267", }, { db: "NVD", id: "CVE-2005-2672", }, ], }, description: { _id: null, data: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file. lm_sensors Implemented in pwmconfig The script contains temporary files in a security inappropriate manner (/tmp/fancontrol) Therefore, there is a vulnerability that is subject to symbolic link attacks.pwmconfig Any file may be overwritten with the authority of the user who executes the command. The issue exists in the 'pwmconfig' script. \nExploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well. \nlm_sensors version 2.9.1 is reportedly affected, however, other versions may be vulnerable as well. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 814-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nSeptember 15th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : lm-sensors\nVulnerability : insecure temporary file\nProblem type : local\nDebian-specific: no\nCVE ID : CAN-2005-2672]\nDebian Bug : 324193\n\nJavier Fern\\xe1ndez-Sanguino Pe\\xf1a discovered that a script of lm-sensors,\nutilities to read temperature/voltage/fan sensors, creates a temporary\nfile with a predictable filename, leaving it vulnerable for a symlink\nattack. \n\nThe old stable distribution (woody) is not affected by this problem. \n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.9.1-1sarge2. \n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.9.1-7. \n\nWe recommend that you upgrade your lm-sensors package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc\n Size/MD5 checksum: 1089 b29b66e67c0cdc230e00e5183724427a\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz\n Size/MD5 checksum: 32896 551c338fbc31a17f7fd909c8c18f495e\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz\n Size/MD5 checksum: 870765 f5af615e39441d95471bdb72a3f01709\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb\n Size/MD5 checksum: 304604 9b936604bcb60dd90c26de965bc8ae7f\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb\n Size/MD5 checksum: 956166 a4cc7cf62245912cca061249e7ff153e\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb\n Size/MD5 checksum: 107734 6672ce70e0a11a3db57b5cc5410a887f\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb\n Size/MD5 checksum: 88004 07333a65127b12aaa3bb7593ca998fc8\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb\n Size/MD5 checksum: 469638 2894c427fa1a171588ee25ec7944aeae\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb\n Size/MD5 checksum: 60162 996e3f4caa6f99a509612ed9409538a1\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb\n Size/MD5 checksum: 99604 5a2ecb59416841693f291c18ffc36b9f\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb\n Size/MD5 checksum: 86024 be04743cfbe7a3dba14522ce35807a46\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb\n Size/MD5 checksum: 471644 de8c9584f1d5bc2a2fc4134ebb0a5958\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb\n Size/MD5 checksum: 57960 7d2bcf38f644cc293814d9be97e7e462\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb\n Size/MD5 checksum: 95374 76afc070abfaca6877c53b3dc97e2efe\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb\n Size/MD5 checksum: 77598 688a884f1c1a3d9966863f9dd13e6378\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb\n Size/MD5 checksum: 466524 f60ec616c55ffecd7d32d9ce6701520b\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb\n Size/MD5 checksum: 56518 001487c8ebf59a64eca3c4b1ebd3a4fc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 93822 18985e4483e7ba7f1ee4e08c31e77ee6\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 77704 c7360febfe8fb136d4edc7447c4a3787\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 471594 4bb236b1ad878a31115d7231f624d53b\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 258638 9dab2f0c6ca40bb6b1fa648c72dea266\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 258646 27ec0369b7e5710cfa9b8a2f6dc7f976\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 258638 7b59494c8c7e836392ec8d29832a37f7\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 259220 1f84862f63d4b84ca52d3b0188eae27f\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 258658 f44895c10b0a2a66f9f8fc2fc1c08945\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 258950 fc63b5a3190378d192810b865db159d7\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 259496 acbd3d286c9f83c33075207a32297bfe\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb\n Size/MD5 checksum: 56282 4aaa87fa8ec4a9c7a80cc5fa2a2a65c7\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb\n Size/MD5 checksum: 110518 31b9a4a92124027fc290af68a33c9d72\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb\n Size/MD5 checksum: 94704 1c7b33cb67d43b00bc5c560e010cba42\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb\n Size/MD5 checksum: 487502 b2c2e822feccd91e2cf4e16b788ee8b2\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb\n Size/MD5 checksum: 63894 6f5dd42f2e9bfe4e6f6dfc0d657c231c\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb\n Size/MD5 checksum: 103444 b90312374564a949899f1fc5efe0afca\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb\n Size/MD5 checksum: 88110 c2c6817f83c05784e7ae6dfb342c3f45\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb\n Size/MD5 checksum: 470520 cff17a1708ab3698cbe576845758f040\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb\n Size/MD5 checksum: 59432 2316f77020a58c9bbcb4680e39093872\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb\n Size/MD5 checksum: 95016 2570abfafb354bf68ff57e294010d9bd\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb\n Size/MD5 checksum: 82760 8575a48b3ae56c05aa33b1dec7b7e7d8\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb\n Size/MD5 checksum: 457278 2b04efc7078bfcac49bae53de1fa37f4\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb\n Size/MD5 checksum: 55334 acf8cedc0bc7b9fcce51bf4028346aa4\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb\n Size/MD5 checksum: 101340 65525f23eed1bb8bd56104db43613b64\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb\n Size/MD5 checksum: 80346 78e1796d19b2a450001b7db46fa00971\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb\n Size/MD5 checksum: 464976 77c81982d7dc7a6e3059e9b7bfe843ae\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb\n Size/MD5 checksum: 58392 fce20208178fcf5e8b34f037a89ebeb8\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb\n Size/MD5 checksum: 99308 561831d67a0b6c5a2c23ce19d63fd4e9\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb\n Size/MD5 checksum: 78318 bf864fc9cc93f35f74cb383916b93187\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb\n Size/MD5 checksum: 465612 90be081b2fe5d58208cdc22f922ace6a\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb\n Size/MD5 checksum: 58452 862e8a3b5f5bf5ab9a7e37f91828a96a\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb\n Size/MD5 checksum: 105926 1c01fa48983ca51785fb6cebcb1352e7\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb\n Size/MD5 checksum: 84122 362b899e12a413c46a1aa3bb80ae9564\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb\n Size/MD5 checksum: 476730 326fe3274869079637c4a425430d9cc9\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb\n Size/MD5 checksum: 59362 2be27fc39b66107b8bc28df51bfd929f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb\n Size/MD5 checksum: 105122 aa913f7a24298b97954809094c966d13\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb\n Size/MD5 checksum: 86884 2c6ebcada8848923a727f21d348089bf\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb\n Size/MD5 checksum: 463706 d0d5e649c114bd891c9dd5a742b3dd7f\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb\n Size/MD5 checksum: 57970 fccda7621dfee8331517dc5f47587246\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb\n Size/MD5 checksum: 100274 63098e8e9f4c3fab8147c04aa17d811c\n http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb\n Size/MD5 checksum: 80906 18db5ab878c2185c7a999f968b36e204\n http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb\n Size/MD5 checksum: 470238 3edce01e75344d0a8a3985c564060243\n http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb\n Size/MD5 checksum: 56654 c47257c9c9263f657a3e96f55b14c40b\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.1 (GNU/Linux)\n\niD8DBQFDKYEPW5ql+IAeqTIRAvkXAJsG3t7J+SurPWsgUlq3bgSvDTBr3gCgtCBV\nzykdnzOaXU1T+P83Q3O0KLQ=\n=z0Ex\n-----END PGP SIGNATURE-----\n\n. \n\nFor more information:\nSA16501\n\nSOLUTION:\nUpdate to \"sys-apps/lm_sensors-2.9.1-r1\" or later. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nLM Sensors Insecure Temporary File Creation Vulnerability\n\nSECUNIA ADVISORY ID:\nSA16501\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/16501/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nLM Sensors 2.x\nhttp://secunia.com/product/5572/\n\nDESCRIPTION:\nJavier Fernandez-Sanguino Pena has reported a vulnerability in LM\nSensors, which can be exploited by malicious, local users to perform\ncertain actions on a vulnerable system with escalated privileges. \n\nSOLUTION:\nGrant only trusted users access to vulnerable systems. \n\nPROVIDED AND/OR DISCOVERED BY:\nJavier Fernandez-Sanguino Pena\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200508-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: lm_sensors: Insecure temporary file creation\n Date: August 30, 2005\n Bugs: #103568\n ID: 200508-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nlm_sensors is vulnerable to linking attacks, potentially allowing a\nlocal user to overwrite arbitrary files. \n\nBackground\n==========\n\nlm_sensors is a software package that provides drivers for monitoring\nthe temperatures, voltages, and fans of Linux systems with hardware\nmonitoring devices. When\nthe pwmconfig script of lm_sensors is executed, this would result in\nthe file being overwritten with the rights of the user running the\nscript, which typically is the root user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll lm_sensors users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/lm_sensors-2.9.1-r1\"\n\nReferences\n==========\n\n [ 1 ] CAN-2005-2672\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200508-19.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2005 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.0\n\n. \r\n\r\nFor more information:\r\nSA16501\n\nSOLUTION:\nUpdated packages are available from Red Hat Network", sources: [ { db: "NVD", id: "CVE-2005-2672", }, { db: "JVNDB", id: "JVNDB-2005-000504", }, { db: "BID", id: "14624", }, { db: "VULHUB", id: "VHN-13881", }, { db: "VULMON", id: "CVE-2005-2672", }, { db: "PACKETSTORM", id: "40100", }, { db: "PACKETSTORM", id: "39731", }, { db: "PACKETSTORM", id: "39506", }, { db: "PACKETSTORM", id: "39718", }, { db: "PACKETSTORM", id: "41469", }, ], trust: 2.52, }, exploit_availability: { _id: null, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-13881", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-13881", }, ], }, external_ids: { _id: null, data: [ { db: "NVD", id: "CVE-2005-2672", trust: 3.1, }, { db: "BID", id: "14624", trust: 2.9, }, { db: "SECUNIA", id: "16501", trust: 2.7, }, { db: "SECUNIA", id: "17535", trust: 1.9, }, { db: "SECUNIA", id: "17499", trust: 1.8, }, { db: "SECTRACK", id: "1015180", trust: 1.7, }, { db: "VUPEN", id: "ADV-2005-1492", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2005-000504", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-200508-267", trust: 0.7, }, { db: "DEBIAN", id: "DSA-814", trust: 0.6, }, { db: "MANDRIVA", id: "MDKSA-2005:149", trust: 0.6, }, { db: "REDHAT", id: "RHSA-2005:825", trust: 0.6, }, { db: "UBUNTU", id: "USN-172-1", trust: 0.6, }, { db: "PACKETSTORM", id: "39718", trust: 0.2, }, { db: "PACKETSTORM", id: "40100", trust: 0.2, }, { db: "VULHUB", id: "VHN-13881", trust: 0.1, }, { db: "VUPEN", id: "2005/1492", trust: 0.1, }, { db: "VULMON", id: "CVE-2005-2672", trust: 0.1, }, { db: "SECUNIA", id: "16626", trust: 0.1, }, { db: "PACKETSTORM", id: "39731", trust: 0.1, }, { db: "PACKETSTORM", id: "39506", trust: 0.1, }, { db: "PACKETSTORM", id: "41469", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-13881", }, { db: "VULMON", id: "CVE-2005-2672", }, { db: "BID", id: "14624", }, { db: "JVNDB", id: "JVNDB-2005-000504", }, { db: "PACKETSTORM", id: "40100", }, { db: "PACKETSTORM", id: "39731", }, { db: "PACKETSTORM", id: "39506", }, { db: "PACKETSTORM", id: "39718", }, { db: "PACKETSTORM", id: "41469", }, { db: "CNNVD", id: "CNNVD-200508-267", }, { db: "NVD", id: "CVE-2005-2672", }, ], }, id: "VAR-200508-0055", iot: { _id: null, data: true, sources: [ { db: "VULHUB", id: "VHN-13881", }, ], trust: 0.01, }, last_update_date: "2024-11-23T22:10:25.894000Z", patch: { _id: null, data: [ { title: "1913", trust: 0.8, url: "http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1913", }, { title: "RHSA-2005:825", trust: 0.8, url: "https://rhn.redhat.com/errata/RHSA-2005-825.html", }, { title: "RHSA-2005:825", trust: 0.8, url: "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-825J.html", }, { title: "Red Hat: lm_sensors security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-2005825 - Security Advisory", }, ], sources: [ { db: "VULMON", id: "CVE-2005-2672", }, { db: "JVNDB", id: "JVNDB-2005-000504", }, ], }, problemtype_data: { _id: null, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2005-2672", }, ], }, references: { _id: null, data: [ { trust: 2.7, url: "http://www.securityfocus.com/bid/14624", }, { trust: 1.8, url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { trust: 1.8, url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/changes", }, { trust: 1.8, url: "http://www.debian.org/security/2005/dsa-814", }, { trust: 1.8, url: "http://www.mandriva.com/security/advisories?name=mdksa-2005:149", }, { trust: 1.8, url: "http://www.redhat.com/support/errata/rhsa-2005-825.html", }, { trust: 1.8, url: "http://securitytracker.com/id?1015180", }, { trust: 1.8, url: "http://secunia.com/advisories/16501", }, { trust: 1.8, url: "http://secunia.com/advisories/17499", }, { trust: 1.8, url: "http://secunia.com/advisories/17535", }, { trust: 1.4, url: "http://www.frsirt.com/english/advisories/2005/1492", }, { trust: 1.2, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9993", }, { trust: 1.2, url: "https://usn.ubuntu.com/172-1/", }, { trust: 1.2, url: "http://www.vupen.com/english/advisories/2005/1492", }, { trust: 1.1, url: "http://secunia.com/advisories/16501/", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2672", }, { trust: 0.8, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2672", }, { trust: 0.6, url: "http://www.ubuntulinux.org/support/documentation/usn/usn-172-1", }, { trust: 0.4, url: "http://rhn.redhat.com/errata/rhsa-2005-825.html", }, { trust: 0.3, url: "http://secure.netroedge.com/~lm78/index.html", }, { trust: 0.3, url: "http://secunia.com/secunia_security_advisories/", }, { trust: 0.3, url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org", }, { trust: 0.3, url: "http://secunia.com/about_secunia_advisories/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2005-2672", }, { trust: 0.2, url: "http://secunia.com/secunia_vacancies/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2005:825", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb", }, { trust: 0.1, url: "http://packages.debian.org/<pkg>", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz", }, { trust: 0.1, url: "http://security.debian.org/", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://www.debian.org/security/", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb", }, { trust: 0.1, url: "http://www.gentoo.org/security/en/glsa/glsa-200508-19.xml", }, { trust: 0.1, url: "http://secunia.com/product/339/", }, { trust: 0.1, url: "http://secunia.com/advisories/16626/", }, { trust: 0.1, url: "http://secunia.com/product/5572/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2672", }, { trust: 0.1, url: "http://bugs.gentoo.org.", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.0", }, { trust: 0.1, url: "http://security.gentoo.org/glsa/glsa-200508-19.xml", }, { trust: 0.1, url: "http://security.gentoo.org/", }, { trust: 0.1, url: "http://secunia.com/advisories/17535/", }, { trust: 0.1, url: "http://secunia.com/product/4669/", }, { trust: 0.1, url: "http://secunia.com/product/4670/", }, { trust: 0.1, url: "http://secunia.com/product/4668/", }, { trust: 0.1, url: "http://rhn.redhat.com/", }, ], sources: [ { db: "VULHUB", id: "VHN-13881", }, { db: "VULMON", id: "CVE-2005-2672", }, { db: "BID", id: "14624", }, { db: "JVNDB", id: "JVNDB-2005-000504", }, { db: "PACKETSTORM", id: "40100", }, { db: "PACKETSTORM", id: "39731", }, { db: "PACKETSTORM", id: "39506", }, { db: "PACKETSTORM", id: "39718", }, { db: "PACKETSTORM", id: "41469", }, { db: "CNNVD", id: "CNNVD-200508-267", }, { db: "NVD", id: "CVE-2005-2672", }, ], }, sources: { _id: null, data: [ { db: "VULHUB", id: "VHN-13881", ident: null, }, { db: "VULMON", id: "CVE-2005-2672", ident: null, }, { db: "BID", id: "14624", ident: null, }, { db: "JVNDB", id: "JVNDB-2005-000504", ident: null, }, { db: "PACKETSTORM", id: "40100", ident: null, }, { db: "PACKETSTORM", id: "39731", ident: null, }, { db: "PACKETSTORM", id: "39506", ident: null, }, { db: "PACKETSTORM", id: "39718", ident: null, }, { db: "PACKETSTORM", id: "41469", ident: null, }, { db: "CNNVD", id: "CNNVD-200508-267", ident: null, }, { db: "NVD", id: "CVE-2005-2672", ident: null, }, ], }, sources_release_date: { _id: null, data: [ { date: "2005-08-23T00:00:00", db: "VULHUB", id: "VHN-13881", ident: null, }, { date: "2005-08-23T00:00:00", db: "VULMON", id: "CVE-2005-2672", ident: null, }, { date: "2005-08-22T00:00:00", db: "BID", id: "14624", ident: null, }, { date: "2007-04-01T00:00:00", db: "JVNDB", id: "JVNDB-2005-000504", ident: null, }, { date: "2005-09-20T06:24:55", db: "PACKETSTORM", id: "40100", ident: null, }, { date: "2005-08-31T09:38:08", db: "PACKETSTORM", id: "39731", ident: null, }, { date: "2005-08-23T23:30:33", db: "PACKETSTORM", id: "39506", ident: null, }, { date: "2005-08-31T06:34:38", db: "PACKETSTORM", id: "39718", ident: null, }, { date: "2005-11-11T23:52:11", db: "PACKETSTORM", id: "41469", ident: null, }, { date: "2005-08-23T00:00:00", db: "CNNVD", id: "CNNVD-200508-267", ident: null, }, { date: "2005-08-23T04:00:00", db: "NVD", id: "CVE-2005-2672", ident: null, }, ], }, sources_update_date: { _id: null, data: [ { date: "2018-10-03T00:00:00", db: "VULHUB", id: "VHN-13881", ident: null, }, { date: "2018-10-03T00:00:00", db: "VULMON", id: "CVE-2005-2672", ident: null, }, { date: "2009-07-12T17:06:00", db: "BID", id: "14624", ident: null, }, { date: "2010-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2005-000504", ident: null, }, { date: "2005-10-20T00:00:00", db: "CNNVD", id: "CNNVD-200508-267", ident: null, }, { date: "2024-11-21T00:00:07.007000", db: "NVD", id: "CVE-2005-2672", ident: null, }, ], }, threat_type: { _id: null, data: "local", sources: [ { db: "BID", id: "14624", }, { db: "PACKETSTORM", id: "39731", }, { db: "PACKETSTORM", id: "39506", }, { db: "PACKETSTORM", id: "41469", }, { db: "CNNVD", id: "CNNVD-200508-267", }, ], trust: 1.2, }, title: { _id: null, data: "LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability", sources: [ { db: "BID", id: "14624", }, { db: "CNNVD", id: "CNNVD-200508-267", }, ], trust: 0.9, }, type: { _id: null, data: "Design Error", sources: [ { db: "BID", id: "14624", }, { db: "CNNVD", id: "CNNVD-200508-267", }, ], trust: 0.9, }, }
fkie_cve-2005-2672
Vulnerability from fkie_nvd
Published
2005-08-23 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7022ABA4-523E-4416-A601-9E3AAB3A0316", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "830356D2-5389-4960-8E4A-A6E76C4174C5", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9BBE9AD6-8F09-4D59-8308-149400E124ED", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "94CA80C3-E527-4389-A011-7AE16C93A272", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "673F66B0-3C25-4128-9916-B7BCC58B72F6", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "5FDEA8EE-ECF5-4AA5-919B-0F4FCBA76DF9", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0366C9C6-1113-4DB7-9B9C-F322090518BF", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4FD0BDE5-DDED-4558-B8AE-076C1C6FAF59", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "FFEB6CF7-17DE-4375-B865-99ACAA94862A", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "048D63F2-FF53-46A5-8C7A-B303493DDF64", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "FC0A70A0-0A7C-4049-836F-54BEC6ABEA0D", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CC338AB-CA3E-4EB1-81B4-7611EFC5EB12", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "9F45928F-C0C3-4AE4-B5A7-00B0BC810D28", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "2FC27691-32AB-4F7C-9578-B1B8505B1D26", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "96446EA9-55A7-42AA-95D6-7990D2C5591F", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.4.4:*:*:*:*:*:*:*", matchCriteriaId: "6AA5CFC2-87D3-4791-8ADE-D9E6AEA91675", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.4.5:*:*:*:*:*:*:*", matchCriteriaId: "8CA5EB26-218E-4D51-8A04-63521EBF19FD", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DB74ADC3-C840-46DC-AAB2-2C559C167056", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "286A3AB7-2448-4658-A73B-8FF6DB3452EF", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "946C4E11-C3D5-4148-A8A0-3CBD599C4C82", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "6C8A8D40-5A2A-440F-878C-F2E7827ACDF8", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.4:*:*:*:*:*:*:*", matchCriteriaId: "C182A4F0-6EC9-40AD-8055-5336E81F3D8D", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.5.5:*:*:*:*:*:*:*", matchCriteriaId: "5D03522F-2ABF-4FB1-AAE9-22245E4104EA", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "288B484B-8686-40E6-A2A0-1936A06AB46E", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "893D901C-B093-4754-8CE0-F264BD595FDF", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "0494E909-7125-40EC-B522-012A515C8802", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.3:*:*:*:*:*:*:*", matchCriteriaId: "C66C89EE-3A5B-4A49-AD8B-C0A3842262C9", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.4:*:*:*:*:*:*:*", matchCriteriaId: "2BD5DB74-EAB5-40EF-88EC-E779872DCFC5", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.6.5:*:*:*:*:*:*:*", matchCriteriaId: "8B9DD54B-6138-4FB3-950A-75944A356645", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "21E63031-6E13-43A8-8668-91DF1524F2AD", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E4C0B81E-C9C2-429C-9864-392904EA84F4", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.1:*:*:*:*:*:*:*", matchCriteriaId: "B788580A-7ABD-4535-97C2-61092F5C77FC", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.2:*:*:*:*:*:*:*", matchCriteriaId: "FB36613C-0D0A-4695-A392-DFC0A9459D99", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.3:*:*:*:*:*:*:*", matchCriteriaId: "D21B37A6-354A-47CA-8849-DA14C34C5C74", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.4:*:*:*:*:*:*:*", matchCriteriaId: "E5645DEA-2C2D-4748-915B-2B99D7C9DDBC", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.5:*:*:*:*:*:*:*", matchCriteriaId: "8E1A57CA-66C4-425F-AED2-739D2C1D40B9", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.6:*:*:*:*:*:*:*", matchCriteriaId: "775FDB7D-C397-4E92-B71E-439BF37BB88D", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.7:*:*:*:*:*:*:*", matchCriteriaId: "5D25E827-906D-4911-BF53-67DCB8FBD0AE", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.8.8:*:*:*:*:*:*:*", matchCriteriaId: "0CCED5C6-E00A-4C43-B731-A9C3A2BDC4FB", vulnerable: true, }, { criteria: "cpe:2.3:a:lm_sensors:lm_sensors:2.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A0CE53B8-C121-4B83-B506-2410EFCAA986", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.", }, ], id: "CVE-2005-2672", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-08-23T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/16501", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/17499", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/17535", }, { source: "cve@mitre.org", url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1015180", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2005/dsa-814", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/14624", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2005/1492", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/172-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17499", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17535", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1015180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-825.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1492", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/172-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.