CVE-2005-4691
NetBSD - Arbitrary File Overwrite via imake Temporary File Symlink
Title source: llmDescription
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://mail-index.netbsd.org/source-changes/2005/09/12/0043.html
Various Sources mailing-list
x_refsource_mlist
http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015132
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15263
Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20731
Vendor Advisory vendor-advisory
x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-009.txt.asc
Scores
EPSS
0.0008
EPSS Percentile
23.3%
Details
Status
published
Products (6)
netbsd/netbsd
1.6 (2 CPE variants)
netbsd/netbsd
1.6.1
netbsd/netbsd
1.6.2
netbsd/netbsd
2.0
netbsd/netbsd
2.0.1
netbsd/netbsd
2.0.2
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026