CVE-2005-0824
MEDIUMmathopd < 1.5p5 and 1.6x < 1.6b6 BETA - Arbitrary File Overwrite via Symlink Attack on Dump Files
Title source: llmDescription
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
References (2)
Core 2
Core References
Broken Link, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14524
Third Party Advisory x_refsource_confirm
http://www.mail-archive.com/mathopd%40mathopd.org/msg00272.html
Scores
CVSS v3
5.5
EPSS
0.0036
EPSS Percentile
27.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (2)
mathopd/mathopd
1.6
mathopd/mathopd
< 1.5
Published
May 02, 2005
Tracked Since
Feb 18, 2026