CVE-2005-0824

MEDIUM

Mathopd < 1.5 - Symlink Following

Title source: rule

Description

The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.

References (2)

[Broken Link, Third Party Advisory] http://secunia.com/advisories/14524

[Third Party Advisory] http://www.mail-archive.com/mathopd%40mathopd.org/msg00272.html

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 13.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-59

Status draft

Affected Products (2)

mathopd/mathopd < 1.5

mathopd/mathopd

Timeline

Published May 02, 2005

Tracked Since Feb 18, 2026