CVE-2005-1707

Gentoo webapp-config <1.10-r14 - Local Privilege Escalation

Title source: llm

Description

The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eric Romang · bashlocallinux

https://www.exploit-db.com/exploits/25709

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/15445

[Exploit, Patch] http://securitytracker.com/id?1014027

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200506-13.xml

[Third Party Advisory, VDB Entry] http://www.osvdb.org/16746

[Exploit, Vendor Advisory] http://www.zataz.net/adviso/webapp-config-05182005.txt

[Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=91785

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13780

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/0809

Scores

EPSS 0.0023

EPSS Percentile 45.4%

Details

Status published

Products (1)

gentoo/linux_webapp-config 1.10 r14

Published May 24, 2005

Tracked Since Feb 18, 2026