Published: 19/07/2005 Updated: 18/10/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Certain contributed scripts for ekg Gadu Gadu client 1.5 and previous versions create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ekg ekg 1.1_rc2
ekg ekg 1.3
ekg ekg 1.0_rc2
ekg ekg 1.0_rc3
ekg ekg 1.5_rc1
ekg ekg 1.5_rc2
ekg ekg 1.1
ekg ekg 1.1_rc1
ekg ekg 1.0
ekg ekg 1.4
ekg ekg 1.5

Marcin Owsiany and Wojtek Kaniewski discovered that some contributed scripts (contrib/ekgh, contrib/ekgnvsh, and contrib/getekgsh) in the ekg package created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the script (CAN-2005-1850) ...

Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation in contributed scripts CAN-2005-1851 Mar ...

NVD-CWE-Other http://www.debian.org/security/2005/dsa-760 http://marc.info/?l=bugtraq&m=112198499417250&w=2 https://usn.ubuntu.com/162-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1850

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect