Rapid7 Vulnerability & Exploit Database

RHSA-2005:825: lm_sensors security update

Back to Search

RHSA-2005:825: lm_sensors security update

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
08/23/2005
Created
07/25/2018
Added
11/15/2005
Modified
07/12/2017

Description

Updated lm_sensors packages that fix an insecure file issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. This package requires special support which is not in standard version 2.2 kernels. A bug was found in the way the pwmconfig tool creates temporary files. It is possible that a local attacker could leverage this flaw to overwrite arbitrary files located on the system. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.

Solution(s)

  • redhat-upgrade-lm_sensors
  • redhat-upgrade-lm_sensors-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;