Rapid7 Vulnerability & Exploit Database

CESA-2005:825: lm_sensors security update

Back to Search

CESA-2005:825: lm_sensors security update

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
08/23/2005
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

Updated lm_sensors packages that fix an insecure file issue are now available. This update has been rated as having low security impact by the CentOS Security Response Team.

The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. This package requires special support which is not in standard version 2.2 kernels. A bug was found in the way the pwmconfig tool creates temporary files. It is possible that a local attacker could leverage this flaw to overwrite arbitrary files located on the system. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.

Solution(s)

  • centos-upgrade-lm_sensors
  • centos-upgrade-lm_sensors-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;