Published: 19/07/2005 Updated: 18/10/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

A certain contributed script for ekg Gadu Gadu client 1.5 and previous versions allows malicious users to execute shell commands via unknown attack vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ekg ekg 1.0_rc2
ekg ekg 1.0_rc3
ekg ekg 1.1
ekg ekg 1.5_rc2
ekg ekg 1.3
ekg ekg 1.4
ekg ekg 1.0
ekg ekg 1.5
ekg ekg 1.5_rc1
ekg ekg 1.1_rc1
ekg ekg 1.1_rc2

Marcin Owsiany and Wojtek Kaniewski discovered that some contributed scripts (contrib/ekgh, contrib/ekgnvsh, and contrib/getekgsh) in the ekg package created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the script (CAN-2005-1850) ...

Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation in contributed scripts CAN-2005-1851 Mar ...

NVD-CWE-Other http://www.debian.org/security/2005/dsa-760 http://marc.info/?l=bugtraq&m=112198499417250&w=2 https://usn.ubuntu.com/162-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1851

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect