Info

Disclosure

Jan 03, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

HtmlHeadLine.sh contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when temp files are created insecurely. It is possible that the flaw may allow arbitrary files to be overwritten resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Toshiaki Kanosue	HtmlHeadLine.sh	32.9
		33.8

References

Security Tracker: 1012756
Secunia Advisory ID: 13714 13715
CVE ID: 2004-1181 (see also: NVD)
Vendor URL: http://kano.technolust.cx/hhl/
Other Advisory URL: http://www.debian.org/security/2005/dsa-622
Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-622

Credit

Javier Fernandez-Sanguino Pena - jfscomputer.org -

Direct URL: http://osvdb.org/12681

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Toshiaki Kanosue

HtmlHeadLine.sh

References

Credit