CVE-2006-3118 - Vulnerability Details - OpenCVE

spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Spread

Configuration 1 [-]

cpe:2.3:a:canonical:spread:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617
http://www.securityfocus.com/bid/18675
https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2006-06-30T19:00:00

Updated: 2024-08-07T18:16:05.933Z

Reserved: 2006-06-21T00:00:00

Link: CVE-2006-3118

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-30T19:05:00.000

Modified: 2024-11-21T00:12:51.570

Link: CVE-2006-3118

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-07-11T09:00:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}, {"name": "18675", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18675"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2006-3118", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171", "refsource": "MISC", "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}, {"name": "18675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18675"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:16:05.933Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}, {"name": "18675", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18675"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-3118", "datePublished": "2006-06-30T19:00:00", "dateReserved": "2006-06-21T00:00:00", "dateUpdated": "2024-08-07T18:16:05.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:spread:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBAC592F-0E73-44CA-AF3A-F351E30B7A4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue."}, {"lang": "es", "value": "spread utiliza un archivo temporal con un nombre de archivo est\u00e1tico basado en el n\u00famero de puerto, lo que permite a los usuarios locales causar una denegaci\u00f3n de servicio, creando un archivo durante una condici\u00f3n de carrera entre llamadas a funciones \"unlink\" y \"blind\" NOTA: spread borra estos archivos temporales antes de su uso, lo que podr\u00eda causar conflictos con otros programas que usan el mismo nombre de archivo, pero esto no es un asunto distinto."}], "id": "CVE-2006-3118", "lastModified": "2024-11-21T00:12:51.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-30T19:05:00.000", "references": [{"source": "security@debian.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/18675"}, {"source": "security@debian.org", "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpad.net/distros/ubuntu/+source/spread/+bug/44171"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}