CVE-2005-2672 : pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which a

pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.

Published 2005-08-23 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-2672

Lm Sensors » Lm Sensors » Version: 2.1.0
cpe:2.3:a:lm_sensors:lm_sensors:2.1.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.1.1
cpe:2.3:a:lm_sensors:lm_sensors:2.1.1:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.3.2
cpe:2.3:a:lm_sensors:lm_sensors:2.3.2:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.3.3
cpe:2.3:a:lm_sensors:lm_sensors:2.3.3:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.5.3
cpe:2.3:a:lm_sensors:lm_sensors:2.5.3:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.5.4
cpe:2.3:a:lm_sensors:lm_sensors:2.5.4:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.6.5
cpe:2.3:a:lm_sensors:lm_sensors:2.6.5:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.7.0
cpe:2.3:a:lm_sensors:lm_sensors:2.7.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.6
cpe:2.3:a:lm_sensors:lm_sensors:2.8.6:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.7
cpe:2.3:a:lm_sensors:lm_sensors:2.8.7:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.8
cpe:2.3:a:lm_sensors:lm_sensors:2.8.8:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.0.0
cpe:2.3:a:lm_sensors:lm_sensors:2.0.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.2.1
cpe:2.3:a:lm_sensors:lm_sensors:2.2.1:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.2.2
cpe:2.3:a:lm_sensors:lm_sensors:2.2.2:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.4.5
cpe:2.3:a:lm_sensors:lm_sensors:2.4.5:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.5.0
cpe:2.3:a:lm_sensors:lm_sensors:2.5.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.6.1
cpe:2.3:a:lm_sensors:lm_sensors:2.6.1:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.6.2
cpe:2.3:a:lm_sensors:lm_sensors:2.6.2:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.2
cpe:2.3:a:lm_sensors:lm_sensors:2.8.2:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.3
cpe:2.3:a:lm_sensors:lm_sensors:2.8.3:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.0.1
cpe:2.3:a:lm_sensors:lm_sensors:2.0.1:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.0.2
cpe:2.3:a:lm_sensors:lm_sensors:2.0.2:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.3.0
cpe:2.3:a:lm_sensors:lm_sensors:2.3.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.3.1
cpe:2.3:a:lm_sensors:lm_sensors:2.3.1:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.5.1
cpe:2.3:a:lm_sensors:lm_sensors:2.5.1:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.5.2
cpe:2.3:a:lm_sensors:lm_sensors:2.5.2:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.6.3
cpe:2.3:a:lm_sensors:lm_sensors:2.6.3:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.6.4
cpe:2.3:a:lm_sensors:lm_sensors:2.6.4:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.4
cpe:2.3:a:lm_sensors:lm_sensors:2.8.4:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.5
cpe:2.3:a:lm_sensors:lm_sensors:2.8.5:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.1.2
cpe:2.3:a:lm_sensors:lm_sensors:2.1.2:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.2.0
cpe:2.3:a:lm_sensors:lm_sensors:2.2.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.3.4
cpe:2.3:a:lm_sensors:lm_sensors:2.3.4:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.4.0
cpe:2.3:a:lm_sensors:lm_sensors:2.4.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.4.4
cpe:2.3:a:lm_sensors:lm_sensors:2.4.4:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.5.5
cpe:2.3:a:lm_sensors:lm_sensors:2.5.5:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.6.0
cpe:2.3:a:lm_sensors:lm_sensors:2.6.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.0
cpe:2.3:a:lm_sensors:lm_sensors:2.8.0:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.8.1
cpe:2.3:a:lm_sensors:lm_sensors:2.8.1:*:*:*:*:*:*:*
Matching versions
Lm Sensors » Lm Sensors » Version: 2.9.0
cpe:2.3:a:lm_sensors:lm_sensors:2.9.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-2672

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-2672

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-2672

http://www.redhat.com/support/errata/RHSA-2005-825.html

Support
http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES
https://usn.ubuntu.com/172-1/

404: Page not found | Ubuntu
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993

404 Not Found
http://www.securityfocus.com/bid/14624
http://securitytracker.com/id?1015180

Access Denied
http://secunia.com/advisories/17499

About Secunia Research | Flexera
http://secunia.com/advisories/17535

About Secunia Research | Flexera
http://www.mandriva.com/security/advisories?name=MDKSA-2005:149

Mandriva
http://secunia.com/advisories/16501

About Secunia Research | Flexera
http://www.debian.org/security/2005/dsa-814

[SECURITY] [DSA 814-1] New lm-sensors packages fix insecure temporary file
http://www.vupen.com/english/advisories/2005/1492

Site en construction
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193

#324193 - lm-sensors: Insecure tempfile usage in pwmconfig - Debian Bug report logs

Jump to

Vulnerability Details : CVE-2005-2672

Products affected by CVE-2005-2672

Exploit prediction scoring system (EPSS) score for CVE-2005-2672

CVSS scores for CVE-2005-2672

References for CVE-2005-2672