FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0559

This CVE name corresponds to:

Entered Topic
2004-09-14 webmin -- insecure temporary file creation at installation time

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0559
Phase Assigned(20040614)

Description

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

References

Source Reference
GENTOO GLSA-200409-15
CONFIRM http://www.webmin.com/uchanges-1.089.html
SECUNIA 12488
XF usermin-installation-unspecified(17299)
BID 11153