Lucene search

MitreCVE-2005-2809

HistorySep 07, 2005 - 6:03 p.m.

CVE-2005-2809

2005-09-0718:03:00

mitre

web.nvd.nist.gov

silc

daemon

local users

arbitrary files

symlink attack

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.

Affected configurations

Nvd

Node

silcsecure_internet_live_conferencingMatch0.9.11

silcsecure_internet_live_conferencingMatch0.9.12

silcsecure_internet_live_conferencingMatch0.9.13

silcsecure_internet_live_conferencingMatch0.9.14

silcsecure_internet_live_conferencingMatch0.9.15

silcsecure_internet_live_conferencingMatch0.9.16

silcsecure_internet_live_conferencingMatch0.9.17

silcsecure_internet_live_conferencingMatch0.9.18

silcsecure_internet_live_conferencingMatch0.9.19

silcsecure_internet_live_conferencingMatch0.9.20

silcsecure_internet_live_conferencingMatch0.9.21

silcsecure_internet_live_conferencingMatch1.0

VendorProductVersionCPE
silcsecure_internet_live_conferencing0.9.11cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.12cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.13cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.13:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.14cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.14:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.15cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.15:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.16cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.16:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.17cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.17:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.18cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.18:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.19cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.19:*:*:*:*:*:*:*
silcsecure_internet_live_conferencing0.9.20cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silc	secure_internet_live_conferencing	0.9.11	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:::::::*
silc	secure_internet_live_conferencing	0.9.12	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:::::::*
silc	secure_internet_live_conferencing	0.9.13	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.13:::::::*
silc	secure_internet_live_conferencing	0.9.14	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.14:::::::*
silc	secure_internet_live_conferencing	0.9.15	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.15:::::::*
silc	secure_internet_live_conferencing	0.9.16	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.16:::::::*
silc	secure_internet_live_conferencing	0.9.17	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.17:::::::*
silc	secure_internet_live_conferencing	0.9.18	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.18:::::::*
silc	secure_internet_live_conferencing	0.9.19	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.19:::::::*
silc	secure_internet_live_conferencing	0.9.20	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.20:::::::*

Rows per page:

1-10 of 121

References

bugs.gentoo.org/show_bug.cgi?id=94587

secunia.com/advisories/16659/

www.securityfocus.com/archive/1/409672

www.securityfocus.com/bid/14716

www.zataz.net/adviso/silc-server-toolkit-06152005.txt

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-2809