Mathopd Dump Files Local Insecure File Creation Vulnerability
BID:12882
Info
Mathopd Dump Files Local Insecure File Creation Vulnerability
| Bugtraq ID: | 12882 |
| Class: | Design Error |
| CVE: |
CVE-2005-0824 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 23 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Carsten Eiram is credited with the discovery of this issue. |
| Vulnerable: |
Mathopd Web Server 1.6 b5 Mathopd Web Server 1.5 p4 |
| Not Vulnerable: |
Mathopd Web Server 1.6 b6 Mathopd Web Server 1.5 p5 |
Discussion
Mathopd Dump Files Local Insecure File Creation Vulnerability
A local insecure file creation vulnerability affects Mathopd. This issue is due to a design error that causes the insecure creation and writing of files.
An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates and uses the vulnerable software.
A local insecure file creation vulnerability affects Mathopd. This issue is due to a design error that causes the insecure creation and writing of files.
An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates and uses the vulnerable software.
Exploit / POC
Mathopd Dump Files Local Insecure File Creation Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Mathopd Dump Files Local Insecure File Creation Vulnerability
Solution:
The vendor has released an updated version dealing with this issue.
Mathopd Web Server 1.5 p4
Solution:
The vendor has released an updated version dealing with this issue.
Mathopd Web Server 1.5 p4
-
Mathopd Mathopd 1.5p5
http://www.mathopd.org/dist/mathopd-1.5p5.tar.gz
References
Mathopd Dump Files Local Insecure File Creation Vulnerability
References:
References:
- Project Homepage (Mathopd)