Info

Disclosure

Apr 19, 2004

Discovery

Unknown

Dates

Exploit

Apr 19, 2004

Solution

Unknown

Description

ipmenu contains a flaw that may allow a malicious user to arbirary overwrite files. The problem is that the program creates the ipmenu.log file with insecure permissions. It is possible that the flaw may allow a malicious user to create a symlink from this file and arbitrary overwrite files, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

David Stes

ipmenu

0.0.3

References

Security Tracker: 1010064
Bugtraq ID: 10269
Secunia Advisory ID: 11526 17682
ISS X-Force ID: 16052
CVE ID: 2004-2569 (see also: NVD)
Vendor Specific Advisory URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=244709
Vendor URL: http://users.pandora.be/stes/ipmenu.html
Other Advisory URL: http://www.debian.org/security/2005/dsa-907

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/5788