Published: 03/05/2005 Updated: 07/11/2023

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 130

Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and previous versions allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.

Vulnerable Product	Search on Vulmon	Subscribe to Product

#!/usr/bin/perl -w # # Setuid ARPUS/ce exploit by KF - kf_lists[at]digitalmunition[dot]com - 4/21/05 # # Copyright Kevin Finisterre # kfinisterre@threat:/tmp$ /ce_expl # sh-205b# id # uid=0(root) gid=1000(kfinisterre) # groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),1000(kfinisterre) # # 57 bytes long $sc = "\x90"x512; $sc = "\x3 ...

/* * Copyright Kevin Finisterre - ripped from my perl_exc * * ** DISCLAIMER ** I am in no way responsible for your stupidity * ** DISCLAIMER ** I am in no way liable for any damages caused by compilation and or execution of this code * * ** WARNING ** DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING *** * ** WARNING ** overwriting /etc/ldsop ...

NVD-CWE-Other http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033705.html http://www.osvdb.org/16050 http://securitytracker.com/id?1013855 http://secunia.com/advisories/15197 http://www.digitalmunition.com/DMA%5B2005-0501a%5D.txt https://nvd.nist.gov https://www.exploit-db.com/exploits/974/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1396

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect