1.2 CVE-2005-1396

Exploit

Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
https://nvd.nist.gov/vuln/detail/CVE-2005-1396

References

FULLDISC Exploit

20050501 DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite' Exploit

MISC

http://www.digitalmunition.com/DMA[2005-0501a].txt Broken Link

OSVDB

16050 Vendor Advisory

SECTRACK Exploit

1013855 Exploit

SECUNIA

15197 Vendor Advisory

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:swlink:ce_ceterm::::::::		<= 2.3.2
cpe:2.3:a:swlink:ce_ceterm:2.4:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.1:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.2:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.3:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.4:::::::*

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
974	ARPUS/Ce - Local Overflow (setuid) (Perl)	2005-05-01 00:00:00
973	ARPUS/Ce - Local File Overwrite (setuid)	2005-05-01 00:00:00

Other (github, ...)

Url
20050501 DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite'
1013855

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

MITRE

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution

cpe	start	end
Configuration 1
cpe:2.3:a:swlink:ce_ceterm::::::::		<= 2.3.2
cpe:2.3:a:swlink:ce_ceterm:2.4:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.1:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.2:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.3:::::::*
cpe:2.3:a:swlink:ce_ceterm:2.5.4:::::::*