Published: 27/12/2005 Updated: 11/07/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

tkdiff prior to 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tkdiff tkdiff 3.0.8
tkdiff tkdiff 3.0.9
tkdiff tkdiff 4.0
tkdiff tkdiff 4.0.2
tkdiff tkdiff 4.1

The last update of tkdiff contained a programming error which is fixed by this version For completeness we're adding the original advisory text: Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that tkdiff, a graphical side by side "diff" utility, creates temporary files in an insecure fashion For the old sta ...

NVD-CWE-Other http://www.debian.org/security/2005/dsa-927 http://sourceforge.net/project/shownotes.php?release_id=380030&group_id=64960 http://www.securityfocus.com/bid/16064 http://www.osvdb.org/21933 http://secunia.com/advisories/18083 http://secunia.com/advisories/18215 http://securitytracker.com/id?1015421 http://www.mandriva.com/security/advisories?name=MDKSA-2006:001 https://exchange.xforce.ibmcloud.com/vulnerabilities/23858 https://nvd.nist.gov https://www.debian.org/security/./dsa-927

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-3343

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect