Vulnerability Name: CVE-2005-3321 (CCN-22853)

Assigned: 2005-10-24
Published: 2005-10-24
Updated: 2018-10-30
Summary: chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
CVSS v3 Severity: 2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N)
1.0 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: CCN
Type: BugTraq Mailing List, Mon Oct 24 2005 - 04:33:18 CDT
SUSE Security Announcement: permissions (SUSE-SA:2005:062)

Source: MITRE
Type: CNA
CVE-2005-3321

Source: SECUNIA
Type: UNKNOWN
17290

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:062

Source: OSVDB
Type: UNKNOWN
20263

Source: CCN
Type: OSVDB ID: 20263
SUSE Permissions Bypass chkstat Arbitrary File Access

Source: BID
Type: UNKNOWN
15182

Source: CCN
Type: BID-15182
SUSE Linux Permissions Package CHKSTAT Insecure Permissions Handling Vulnerability

Source: XF
Type: UNKNOWN
suse-chkstat-weak-permissions(22853)

Source: XF
Type: UNKNOWN
suse-chkstat-bypass-security(22853)

Source: SUSE
Type: SUSE-SA:2005:062
permissions: information disclosure

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:novell:suse_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.opensuse.security:def:20053321
Class: V
Title: CVE-2005-3321
Last Modified: 2015-11-16