Executive Summary
| Summary | |
|---|---|
| Title | New geneweb packages fix insecure file operations |
| Informations | |||
|---|---|---|---|
| Name | DSA-712 | First vendor Publication | 2005-04-19 |
| Vendor | Debian | Last vendor Modification | 2005-04-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Tim Dijkstra discovered a problem during the upgrade of geneweb, a genealogy software with web interface. The maintainer scripts automatically converted files without checking their permissions and content, which could lead to the modification of arbitrary files. For the stable distribution (woody) this problem has been fixed in version 4.06-2woody1. For the unstable distribution (sid) this problem has been fixed in version 4.10-7. We recommend that you upgrade your geneweb package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-712 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 712-1 (geneweb) File : nvt/deb_712_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 15709 | geneweb Maintainer Scripts Arbitrary File Manipulation Geneweb contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the maintainer scripts converting .gwb database files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-04-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-712.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:00 |
|
