1. CVE-Search
  2. CVE-2005-1751
ID CVE-2005-1751
Summary Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
References
Vulnerable Configurations
  • cpe:2.3:a:shtool:shtool:*:*:*:*:*:*:*:*
    cpe:2.3:a:shtool:shtool:*:*:*:*:*:*:*:*
CVSS
Base: 3.7 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2005-09-21T01:33:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
    family unix
    id oval:org.mitre.oval:def:345
    status accepted
    submitted 2005-07-19T12:00:00.000-04:00
    title shtool Race Condition
    version 4
  • accepted 2013-04-29T04:20:56.852-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
    family unix
    id oval:org.mitre.oval:def:9639
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
    version 29
redhat via4
advisories
rhsa
id RHSA-2005:564
rpms
  • php-0:4.3.2-24.ent
  • php-0:4.3.9-3.7
  • php-debuginfo-0:4.3.2-24.ent
  • php-debuginfo-0:4.3.9-3.7
  • php-devel-0:4.3.2-24.ent
  • php-devel-0:4.3.9-3.7
  • php-domxml-0:4.3.9-3.7
  • php-gd-0:4.3.9-3.7
  • php-imap-0:4.3.2-24.ent
  • php-imap-0:4.3.9-3.7
  • php-ldap-0:4.3.2-24.ent
  • php-ldap-0:4.3.9-3.7
  • php-mbstring-0:4.3.9-3.7
  • php-mysql-0:4.3.2-24.ent
  • php-mysql-0:4.3.9-3.7
  • php-ncurses-0:4.3.9-3.7
  • php-odbc-0:4.3.2-24.ent
  • php-odbc-0:4.3.9-3.7
  • php-pear-0:4.3.9-3.7
  • php-pgsql-0:4.3.2-24.ent
  • php-pgsql-0:4.3.9-3.7
  • php-snmp-0:4.3.9-3.7
  • php-xmlrpc-0:4.3.9-3.7
refmap via4
bid 13767
debian DSA-789
gentoo GLSA-200506-08
misc
openpkg OpenPKG-SA-2005.011
sectrack 1014059
secunia
  • 15496
  • 15668
vulnwatch 20050525 shtool insecure temporary file creation
statements via4
contributor Mark J Cox
lastmodified 2006-09-19
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158995 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 03-05-2018 - 01:29
Published 25-05-2005 - 04:00
Last modified 03-05-2018 - 01:29
Back to Top