CVE-2005-4536

NameCVE-2005-4536
DescriptionMail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-960-3
NVD severitylow (attack range: local)
Debian Bugs344029

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libmail-audit-perlsource(unstable)2.1-5.1medium344029
libmail-audit-perlsourcesarge2.1-5sarge4lowDSA-960-3
libmail-audit-perlsourcewoody2.0-4woody3lowDSA-960-3

Search for package or bug name: Reporting problems