FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0610

This CVE name corresponds to:

Entered Topic
2005-04-12 portupgrade -- insecure temporary file handling vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-0610 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-0610
Phase Assigned(20050301)

Description

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.

References

Source Reference
MISC http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html
BID 13106
SECUNIA 14903

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.