CVE-2005-1879

MEDIUM

Lutelwall < 0.98 - Symlink Following

Title source: rule

Description

LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

References (8)

[Broken Link] http://firewall.lutel.pl/download/0.98/ChangeLog

[Not Applicable] http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034424.html

[Broken Link] http://secunia.com/advisories/15647

[Broken Link] http://secunia.com/advisories/15665

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200506-10.xml

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014112

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13863

[Broken Link] http://www.zataz.net/adviso/lutelwall-05222005.txt

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-59

Status draft

Affected Products (1)

lutel/lutelwall < 0.98

Timeline

Published Jun 09, 2005

Tracked Since Feb 18, 2026