Main Vulnerability Database Vulnerabilities #VU32986

Link following in antiword - CVE-2005-3126

Published: August 3, 2020

Vulnerability identifier: #VU32986

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2005-3126

CWE-ID: CWE-59

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
antiword

Software vendor:
ropensci

Description

The vulnerability allows a local user to escalate privileges on the system.

The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.

Remediation

Install updates from vendor's website.

External links

http://www.debian.org/security/2005/dsa-945
http://www.securityfocus.com/bid/16278
http://www.vupen.com/english/advisories/2006/0242
https://exchange.xforce.ibmcloud.com/vulnerabilities/24194

Link following in antiword - CVE-2005-3126

Description

Remediation

External links

Please verify you're human