ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| angus_mackay | ez-ipupdate | 3.0.11b7 |
| angus_mackay | ez-ipupdate | 3.0.11b5 |
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| angus_mackay | ez-ipupdate | 3.0.11b8 |
| angus_mackay | ez-ipupdate | 3.0.11b5 |
| gentoo | linux | * |
| debian | debian_linux | 3.0 |