CVE-2005-3126 : The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users

The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.

Published 2005-12-31 05:00:00

Updated 2017-07-11 01:33:06

Source Debian GNU/Linux

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-3126

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-3126

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2005-3126

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2005-3126

Products affected by CVE-2005-3126

Antiword » Antiword » Version: 0.32
cpe:2.3:a:antiword:antiword:0.32:*:*:*:*:*:*:*
Matching versions
Antiword » Antiword » Version: 0.35
cpe:2.3:a:antiword:antiword:0.35:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-3126

Exploit prediction scoring system (EPSS) score for CVE-2005-3126

CVSS scores for CVE-2005-3126

CWE ids for CVE-2005-3126

References for CVE-2005-3126

Products affected by CVE-2005-3126