Executive Summary

Informations
Name CVE-2005-1064 First vendor Publication 2005-04-10
Vendor Cve Last vendor Modification 2016-10-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1064

CWE : Common Weakness Enumeration

% Id Name

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 9

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200504-12 (rsnapshot)
File : nvt/glsa_200504_12.nasl
2008-09-04 Name : FreeBSD Ports: rsnapshot
File : nvt/freebsd_rsnapshot.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
15420 rsnapshot copy_symlink() Arbitrary File Ownership Modification

Rsnapshot contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an error in the "copy_symlink()" function where file permissions for symlinks are incorrectly set on the original file. This flaw may allow an attacker to take ownership of arbitrary files by placing a malicious symlink in a directory being backed up, resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2005-07-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_8c5ad0cfba3711d9837d000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2005-04-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200504-12.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://www.rsnapshot.org/security/2005/001.html
FULLDISC http://marc.info/?l=full-disclosure&m=111317179531000&w=2
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200504-12.xml
OSVDB http://www.osvdb.org/15420
SECTRACK http://securitytracker.com/id?1013674
SECUNIA http://secunia.com/advisories/14878

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2021-05-04 12:02:53
  • Multiple Updates
2021-04-22 01:03:06
  • Multiple Updates
2020-05-23 00:16:28
  • Multiple Updates
2016-10-18 12:01:38
  • Multiple Updates
2016-06-28 15:15:48
  • Multiple Updates
2016-04-26 13:24:38
  • Multiple Updates
2014-02-17 10:30:54
  • Multiple Updates
2013-05-11 11:23:40
  • Multiple Updates