CVE-2004-2698

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-2698
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0914.html
http://imwheel.sourceforge.net/files/DEVELOPMENT.txt
http://secunia.com/advisories/12349 Vendor Advisory
http://securitytracker.com/id?1011049
http://www.caughq.org/advisories/CAU-2004-0002.txt
http://www.osvdb.org/9111
http://www.securityfocus.com/bid/11008
https://exchange.xforce.ibmcloud.com/vulnerabilities/17082
Configurations

Configuration 1 (hide)

cpe:2.3:a:imwheel:imwheel:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2024-02-28 10:42

NVD link : CVE-2004-2698

Mitre link : CVE-2004-2698

CVE.ORG link : CVE-2004-2698

JSON object : View

Products Affected

imwheel

  • imwheel
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024