CVE-2005-4659
Published Dec 31, 2005
Last updated 7 years ago
Overview
- Description
- IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipcop:ipcop:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED06B358-E0EF-4E4F-848A-E720ABA78633"
},
{
"criteria": "cpe:2.3:a:ipcop:ipcop:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B204E3C9-131D-40E6-A441-1CBA4E953953"
},
{
"criteria": "cpe:2.3:a:ipcop:ipcop:1.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C84B184-A911-46F0-BB7E-D63F401A41CE"
},
{
"criteria": "cpe:2.3:a:ipcop:ipcop:1.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC5966C1-DC13-4C80-AEC8-C64C8B2597DE"
},
{
"criteria": "cpe:2.3:a:ipcop:ipcop:1.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D86E163-5BE5-443D-AEA0-A245A746ED7D"
},
{
"criteria": "cpe:2.3:a:ipcop:ipcop:1.4.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "165FE5EE-4B87-47E1-8198-8097E29FC2A9"
},
{
"criteria": "cpe:2.3:a:ipcop:ipcop:1.4.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B378FA93-43FC-4B83-990B-EB71CDE011C5"
}
],
"operator": "OR"
}
]
}
]