Vulnerability CVE-2004-0559 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0559 (CCN-17299)

Assigned:

2004-09-08

Published:

2004-09-08

Updated:

2017-07-11

Summary:

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2004-0559

Source: CCN
Type: SA12488
Usermin Shell Command Injection and Insecure Installation Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
12488

Source: DEBIAN
Type: DSA-544
webmin -- insecure temporary directory

Source: CCN
Type: GLSA-200409-15
Webmin, Usermin: Multiple vulnerabilities in Usermin

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200409-15

Source: CCN
Type: OSVDB ID: 9775
Webmin/Usermin Installation .webmin Symlink Local Privilege Escalation

Source: BID
Type: Patch, Vendor Advisory
11153

Source: CCN
Type: BID-11153
Webmin / Usermin Installation Insecure Temporary File Creation Vulnerability

Source: CCN
Type: TLSA-2005-20
Multiple vulnerabilities exist in webmin

Source: CONFIRM
Type: UNKNOWN
http://www.webmin.com/uchanges-1.089.html

Source: CCN
Type: Usermin Change Log
Version 1.090 (5 Sep 2004)

Source: CCN
Type: Webmin Web site
Usermin Updates

Source: XF
Type: UNKNOWN
usermin-installation-unspecified(17299)

Source: XF
Type: UNKNOWN
usermin-installation-unspecified(17299)

Vulnerable Configuration:

Configuration 1:

cpe:/a:usermin:usermin:1.000:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.010:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.020:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.030:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.040:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.051:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.060:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.070:*:*:*:*:*:*:*

OR cpe:/a:usermin:usermin:1.080:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.0.00:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.0.20:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.0.50:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.0.60:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.0.70:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.0.80:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.0.90:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.1.00:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.1.21:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.1.30:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.1.40:*:*:*:*:*:*:*

OR cpe:/a:webmin:webmin:1.1.50:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:544	V	insecure temporary directory	2004-09-14