CVE-2006-0512 - PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arb

CVE-2006-0512

Summary

PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.

References

Vulnerable Configurations

cpe:2.3:a:padl_software:migrationtools:46:*:*:*:*:*:*:*
cpe:2.3:a:padl_software:migrationtools:46:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 08-12-2016 - 03:00)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

debian	DSA-1187
misc	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338920
secunia	22243
vupen	ADV-2005-2427

statements via4

contributor	Vincent Danen
lastmodified	2006-10-04
organization	Mandriva
statement	Mandriva has patched the migrationtools since August 2005 to use mktemp so is not vulnerable to this issue.

Last major update

08-12-2016 - 03:00

Published

02-02-2006 - 11:02

Last modified

08-12-2016 - 03:00